Our ARM infrastructure is unreachable at the moment, so CI jobs will time-out and packages will not be updated until the servers are back.
An incorrect fix version was added for CVE-2021-28831 in commit a8847f26. That commit references busybox 1.32 which isn't available in Alpine 3.12. The fix was originally committed in 0d639f13 along with the correct secfix version.