Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 677
    • Issues 677
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 208
    • Merge Requests 208
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #12335

Closed
Open
Opened Jan 20, 2021 by Lena@LenaHoinkis

p11-kit still contains version 0.23.22-r0 and therefore vulnerabilities

When I run alpine v3.13.0 and install gnupg (apk update && apk upgrade && apk add --no-cache bash gnupg) p11-kit-0.23.22-r0 is still used.

$ apk info p11-kit

p11-kit-0.23.22-r0 description:
Library for loading and sharing PKCS#11 modules

p11-kit-0.23.22-r0 webpage:
https://p11-glue.freedesktop.org/

p11-kit-0.23.22-r0 installed size:
1200 KiB

This is also shown in the package details.

Anyway this version has 3 security vulnerabilities (CVE-2020-29361, CVE-2020-29362, CVE-2020-29363) and needs to be updated to p11-kit-0.23.22. Which should be already fixed, see the file p11-kit.

Why is still the old version used?

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: alpine/aports#12335