[3.3] CVE-2017-15650 musl
musl 1.1.16 and previous are affected by CVE-2017-15650. The issue was resolved in 1.1.17 which is currently in the edge repository.
The patch looks simple and is said to apply cleanly to “all recent versions”. I suggest including the patch in all currently supported Alpine releases, assuming it does indeed apply cleanly.
https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
http://openwall.com/lists/oss-security/2017/10/19/5
(from redmine: issue id 8034, created on 2017-10-23, closed on 2017-10-23)
- Relations:
- parent #8026 (closed)
- Changesets:
- Revision ee51f150 by Natanael Copa on 2017-10-23T19:30:14Z:
main/musl: fix CVE-2017-15650
fixes #8034