6 matches found
ALPINE-CVE-2026-3644
The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output validation applie...
GHSA-X9P2-77V6-6VHF FrankenPHP has delayed propagation of security fixes in upstream base images
Delayed propagation of security fixes in upstream base images Summary Vulnerability in base Docker images PHP, Go, and Alpine not automatically propagating to FrankenPHP images. FrankenPHP's container images were previously built only when specific version tags were updated or when manual trigger...
EUVD-2021-24823
Malware in sbrugna...
OPENSUSE-SU-2021:0695-1 Security update for alpine
This update for alpine fixes the following issues: Update to release 2.24 A few crash fixes Implementation of XOAUTH2 for Yahoo! Mail. Update to release 2.23.2 Expansion of the configuration screen for XOAUTH2 to include username, and tenant. Alpine uses the domain in the From: header of a messag...
OPENSUSE-SU-2021:0675-1 Security update for alpine
This update for alpine fixes the following issues: Update to release 2.24 A few crash fixes Implementation of XOAUTH2 for Yahoo! Mail. Update to release 2.23.2 Expansion of the configuration screen for XOAUTH2 to include username, and tenant. Alpine uses the domain in the From: header of a messag...
CVE-2020-14929
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do...