Paul Eggert <[email protected]> writes: > On 2026-05-12 21:22, Yazdan Soltani wrote: >> One question: do you expect this to be tracked only as bug#81022, or should >> a CVE be requested for the fixed vulnerability? > > Feel free to request one; I won't bother as nobody uses znew -P.
Or znew in general. I wonder how many people actually use the 'compress' program or deal with files created by it. Yazdan, you can also send a summary of the issue to [email protected] with a link to the fix [1], and a mention that a CVE is pending. Most distributions have people on that list, so they can decide if they think it is worth fixing. Collin [1] https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=0fa82abd0b22d504e484f1cceb654e74bd1a2c07
