Skip to content
This repository has been archived by the owner on Jun 6, 2023. It is now read-only.

openssl vuln in alpine 3.11.5 #28

Closed
xquery opened this issue May 1, 2020 · 2 comments · Fixed by #32
Closed

openssl vuln in alpine 3.11.5 #28

xquery opened this issue May 1, 2020 · 2 comments · Fixed by #32
Assignees
@xquery
Labels
bug Something isn't working

Comments

@xquery
Copy link
Member

xquery commented May 1, 2020
edited
Loading

deeper scanning reveals an issue with openssl for alpine 3.11.5

this is captured in travis build log here
https://travis-ci.org/github/curl/curl-docker/builds/682221352#L22408

openssl | CVE-2020-1967 is described here
https://nvd.nist.gov/vuln/detail/CVE-2020-1967
@xquery xquery self-assigned this May 1, 2020
@xquery xquery added the bug Something isn't working label May 1, 2020
@xquery
Copy link
Member Author

xquery commented May 4, 2020

@bagder observes that we do not use the function affected so probably low risk (in terms of curl)

xquery added a commit that referenced this issue May 4, 2020
@xquery
update openssl (fixes #28)
a72fa05
@xquery xquery mentioned this issue May 4, 2020
Merged
xquery added a commit that referenced this issue May 4, 2020
@xquery
update openssl (fixes #28)
99d7371
@xquery xquery closed this as completed in #32 May 4, 2020
xquery added a commit that referenced this issue May 4, 2020
@xquery
Merge pull request #32 from curl/fix_openssl
cdd705a 
update openssl (fixes #28) - this runs apk update/upgrade to ensure openssl package is updated.
@xquery
Copy link
Member Author

xquery commented May 4, 2020

as this vuln does not affect curl ... we will push change with next release.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@xquery xquery

Labels
bug Something isn't working
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

update openssl (fixes #28) curl/curl-docker
1 participant
@xquery