Update alpine to 3.18 #364

orgads · 2023-10-09T16:34:34Z

No description provided.

Signed-off-by: Orgad Shaneh <orgad.shaneh@audiocodes.com>

orgads · 2023-10-23T14:02:34Z

orgads · 2023-10-23T14:03:55Z

Alpine 3.17 is vulnerable to CVE-2022-48174.

ashie · 2023-10-23T23:50:56Z

CVE-2022-48174 is for less than busybox 1.35 while Alpine 3.17 uses busybox 1.35.
So it's false positive.

Please see also #362 (comment)

orgads · 2023-10-24T03:05:50Z

CVE-2022-48174 is for less than busybox 1.35 while Alpine 3.17 uses busybox 1.35. So it's false positive.

Please see also #362 (comment)

Alpine 3.17 has busybox 1.29. See #362 (comment)

And even if it has been fixed in 3.17 - do you have a good reason not to upgrade to 3.18?

ashie · 2023-10-24T05:08:26Z

Alpine 3.17 has busybox 1.29. See #362 (comment)

Please see the comment carefully, it's 1.35-r29, not 1.29.

And even if it has been fixed in 3.17 - do you have a good reason not to upgrade to 3.18?

Please see the just above comment in the issue: #362 (comment)

orgads · 2023-10-24T10:49:44Z

Sorry, you're right. JFrog X-Ray scanner got me confused.

orgads force-pushed the alpine-3.18 branch from 39bad0c to 85d4bee Compare October 9, 2023 16:49

Update alpine to 3.18

4d7dbb7

Signed-off-by: Orgad Shaneh <orgad.shaneh@audiocodes.com>

orgads force-pushed the alpine-3.18 branch from 85d4bee to 4d7dbb7 Compare October 9, 2023 16:49

ashie closed this Oct 23, 2023

orgads deleted the alpine-3.18 branch October 24, 2023 10:49

Provide feedback