(Copied from https://gitlab.alpinelinux.org/alpine/infra/docker/secdb/-/issues/8 - sorry, this is an aports issue, not a secdb issue)
In this commit from 2 weeks ago, entries were added in secfixes for CVE's. However, the corresponding version was not added to the yaml, so the yaml is invalid. Instead of
# secfixes:
# - CVE-2021-22897
# - CVE-2021-22898
# - CVE-2021-22901
# 7.76.0-r0:
# - CVE-2021-22876
...
It should be
# secfixes:
# 7.77.0-r0: #This is the added line
# - CVE-2021-22897
# - CVE-2021-22898
# - CVE-2021-22901
# 7.76.0-r0:
# - CVE-2021-22876
...
This is causing secdb.alpinelinux to no longer report on curl CVEs in 3.12.
Confirmed I see it in secdb. Thanks for the quick fix!
Moved to aports.
In this commit from 2 weeks ago, entries were added in secfixes for CVE's. However, the corresponding version was not added to the yaml, so the yaml is invalid. Instead of
# secfixes:
# - CVE-2021-22897
# - CVE-2021-22898
# - CVE-2021-22901
# 7.76.0-r0:
# - CVE-2021-22876
...
It should be
# secfixes:
# 7.76.1-r0: #This is the added line
# - CVE-2021-22897
# - CVE-2021-22898
# - CVE-2021-22901
# 7.76.0-r0:
# - CVE-2021-22876
...
This is causing secdb.alpinelinux to no longer report on curl CVEs in 3.12.
(Copied from https://gitlab.alpinelinux.org/alpine/infra/docker/secdb/-/issues/8 - sorry, this is an aports issue, not a secdb issue)
In this commit from 2 weeks ago, entries were added in secfixes for CVE's. However, the corresponding version was not added to the yaml, so the yaml is invalid. Instead of
# secfixes:
# - CVE-2021-22897
# - CVE-2021-22898
# - CVE-2021-22901
# 7.76.0-r0:
# - CVE-2021-22876
...
It should be
# secfixes:
# 7.77.0-r0: #This is the added line
# - CVE-2021-22897
# - CVE-2021-22898
# - CVE-2021-22901
# 7.76.0-r0:
# - CVE-2021-22876
...
This is causing secdb.alpinelinux to no longer report on curl CVEs in 3.12.
In this commit from 2 weeks ago, entries were added in secfixes for CVE's. However, the corresponding version was not added to the yaml, so the yaml is invalid. Instead of
# secfixes:
# - CVE-2021-22897
# - CVE-2021-22898
# - CVE-2021-22901
# 7.76.0-r0:
# - CVE-2021-22876
...
It should be
# secfixes:
# 7.76.1-r0: #This is the added line
# - CVE-2021-22897
# - CVE-2021-22898
# - CVE-2021-22901
# 7.76.0-r0:
# - CVE-2021-22876
...
This is causing secdb.alpinelinux to no longer report on curl CVEs in 3.12.