alpine / aports / Issues / #11912
Issue created Sep 02, 2020 by Natanael Copa (@ncopa, Owner)

main/wpa_supplicant: CVE-2017-13077 reported to be fixed twice in secfixes comment

From IRC:

  1. Overloaded CVEs on the same package for different fixed versions - For example, package "wpa_supplicant" in https://secdb.alpinelinux.org/v3.11/main.json has CVE-2017-13077 both under secfix 2.7-r0 and under secfix 2.6-r7.

This was introduced with 5d9b6ee3. I think we backported the secfixes in 2.6-r7.

We should check the other branches and clean this up.

May also be good to have some tooling to prevent this from happening?

@Leo do you think the apkbuild-linter can look for duplicate CVEs in secfixes comment?
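
The duplicate check asked about above, as an added example (not code from the issue, aports or apkbuild-linter). The function name `find_dup_secfixes`, the sample APKBUILD and the placeholder IDs `CVE-0000-00001` and `CVE-0000-00002` are constructed; it assumes the usual `# secfixes:` layout of a version key followed by `- CVE-...` entries.

```shell
#!/bin/sh
# Read an APKBUILD on stdin and report every CVE that the secfixes
# comment lists under more than one fixed version.
# Prints "CVE-ID: ver1 ver2 ..." per duplicate; exit status 1 if any.
find_dup_secfixes() {
    awk '
    /^#[ \t]*secfixes:/ { in_sec = 1; next }
    in_sec && !/^#/     { in_sec = 0; next }   # comment block ended
    in_sec && $2 == "-" && NF >= 3 {           # "#     - CVE-..."
        id = $3
        if (!(id in vers)) {
            vers[id] = ver
            order[++n] = id                    # keep first-seen order
        } else if (index(" " vers[id] " ", " " ver " ") == 0) {
            vers[id] = vers[id] " " ver
            dup[id] = 1
        }
        next
    }
    in_sec && NF == 2 && $2 ~ /:$/ {           # "#   2.7-r0:"
        ver = $2
        sub(/:$/, "", ver)
    }
    END {
        for (i = 1; i <= n; i++)
            if (order[i] in dup) { print order[i] ": " vers[order[i]]; rc = 1 }
        exit (rc + 0)
    }'
}

# Constructed sample reproducing the case from the issue.
sample_apkbuild() {
    cat <<'EOF'
pkgname=wpa_supplicant
# secfixes:
#   2.7-r0:
#     - CVE-2017-13077
#     - CVE-0000-00001
#   2.6-r7:
#     - CVE-2017-13077
#     - CVE-0000-00002

EOF
}

if ! sample_apkbuild | find_dup_secfixes; then
    echo "secfixes: CVE listed under more than one version" >&2
fi
```

To check a real package, feed its file on stdin: `find_dup_secfixes < APKBUILD`.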
