Skip to content

Typo in 3.12's curl APKBUILD

(Copied from https://gitlab.alpinelinux.org/alpine/infra/docker/secdb/-/issues/8 - sorry, this is an aports issue, not a secdb issue)

In this commit from 2 weeks ago, entries were added in secfixes for CVE's. However, the corresponding version was not added to the yaml, so the yaml is invalid. Instead of

# secfixes:
#     - CVE-2021-22897
#     - CVE-2021-22898
#     - CVE-2021-22901
#   7.76.0-r0:
#     - CVE-2021-22876
...

It should be

# secfixes:
#   7.77.0-r0:       #This is the added line
#     - CVE-2021-22897
#     - CVE-2021-22898
#     - CVE-2021-22901
#   7.76.0-r0:
#     - CVE-2021-22876
...

This is causing secdb.alpinelinux to no longer report on curl CVEs in 3.12.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information