musl 1.1.16 and previous are affected by CVE-2017-15650. The issue was resolved in 1.1.17 which is currently in the edge repository. The patch looks simple and is said to apply cleanly to "all recent versions". I suggest including the patch in all currently supported Alpine releases, assuming it does indeed apply cleanly.