Description
CVE-2025-26519:
We are being affected by this CVE in several of our production Docker instances that use alpine linux, and would like to know the timeline on the release date of 1.2.6 with the fix below:
All users should apply the source patches included/attached below. The
first fixes the bug (incorrect input byte validation) responsible for
the vulnerability, and the second closes off the vector by which this
class of bug escalated to an out-of-bounds write. These patches should
apply cleanly to all versions affected by the bug.
Users of musl libc based distributions should obtain an updated
package with the patch applied through their distribution's update
channels.
Static-linked binaries that cannot easily be relinked may be patched
to inhibit the vulnerability, at the cost of disabling support for
decoding EUC-KR text, by searching the binary, using a
binary-clean/hex editor, for the byte sequence:
"euckr\0ksc5601\0ksx1001\0cp949\0"
and replacing it with:
"-----\0-------\0-------\0-----\0"
Since non-alphanumeric-ASCII characters are stripped from the charset
name by iconv_open, this change will render EUC-KR and all aliases for
it unmatchable, thereby making the vulnerable code unreachable.
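The hex-editor mitigation the advisory describes for static-linked binaries is easy to get wrong by hand (a replacement of a different length shifts every later offset in the string table). The script below is an added example, not code from the issue or from the musl project: it locates the advisory's exact byte sequence, replaces it with the same-length dash sequence, writes the result to a new file, and reports whether a binary is still vulnerable, already patched, or does not contain the EUC-KR alias table at all (dynamically linked, or built without it). The `charset_matches` function is a deliberately simplified model of the name normalisation the advisory attributes to `iconv_open` (strip non-alphanumeric ASCII; the lowercasing is an assumption), used only to show why the dashed names can never match; the sample "binary" is constructed inline and is not a real ELF file.

```python
"""Apply and verify the advisory's binary-patch mitigation for the
EUC-KR decoder bug (CVE-2025-26519) in static-linked musl binaries.
Added example; not part of the issue or the musl advisory."""
from pathlib import Path
import sys

# Byte sequence quoted in the advisory; "\0" is a literal NUL separator.
VULNERABLE_SEQ = b"euckr\0ksc5601\0ksx1001\0cp949\0"
# Replacement quoted in the advisory: same length, NUL separators kept.
PATCHED_SEQ = b"-----\0-------\0-------\0-----\0"
assert len(VULNERABLE_SEQ) == len(PATCHED_SEQ)


def classify(data: bytes) -> str:
    """'vulnerable' if the alias table is present, 'patched' if the dash
    replacement is present, 'absent' if neither (e.g. no EUC-KR support)."""
    if VULNERABLE_SEQ in data:
        return "vulnerable"
    if PATCHED_SEQ in data:
        return "patched"
    return "absent"


def patch_bytes(data: bytes) -> tuple[bytes, int]:
    """Replace every occurrence of the alias table; return (new_data, count).
    Length is preserved, so no file offset or section size changes."""
    count = data.count(VULNERABLE_SEQ)
    if count == 0:
        return data, 0
    return data.replace(VULNERABLE_SEQ, PATCHED_SEQ), count


def patch_file(src: Path, dst: Path) -> int:
    """Write a patched copy of src to dst (never in place); return count."""
    data = src.read_bytes()
    new_data, count = patch_bytes(data)
    if count == 0:
        raise ValueError(f"{src}: alias table not found; nothing to patch")
    if len(new_data) != len(data):  # defensive: must never happen
        raise RuntimeError("output size differs from input; refusing to write")
    dst.write_bytes(new_data)
    dst.chmod(src.stat().st_mode)  # keep the executable bits
    return count


def _normalise(name: str) -> str:
    """Simplified model (assumption) of charset-name normalisation:
    keep only ASCII letters and digits, lowercased."""
    return "".join(c for c in name.lower() if c.isascii() and c.isalnum())


def charset_matches(requested: str, table: bytes) -> bool:
    """True if the requested charset name matches any alias in the
    NUL-separated table after normalisation. Shows why the dashed table
    is unreachable: every entry normalises to the empty string."""
    wanted = _normalise(requested)
    if not wanted:
        return False
    entries = {_normalise(e.decode("ascii")) for e in table.split(b"\0")}
    return wanted in entries


# Constructed stand-in for a static binary's string table (not a real ELF).
SAMPLE_BINARY = (b"\x7fELF" + b"\x00" * 16 + b"utf8\0"
                 + VULNERABLE_SEQ + b"latin1\0" + b"\x00" * 8)


if __name__ == "__main__":
    # Usage: python patch_euckr.py <input-binary> [<output-binary>]
    if len(sys.argv) < 2:
        print(f"sample binary: {classify(SAMPLE_BINARY)}")
        sys.exit(0)
    src = Path(sys.argv[1])
    print(f"{src}: {classify(src.read_bytes())}")
    if len(sys.argv) == 3:
        n = patch_file(src, Path(sys.argv[2]))
        print(f"patched {n} occurrence(s) -> {sys.argv[2]}")
```

Run it on a copy and re-check the output with `classify` before deploying; a binary that reports `absent` should be investigated rather than assumed safe, since it may simply carry the table in a form this search does not recognise, and the proper fix remains relinking against a patched musl.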