On Monday, 15 August 2022 10:20:30 NZST Khem Raj wrote:
> This is only seen in development branch as per [1]
>
> [1] https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1#commitcomment-80753451

CVE: CVE-2022-37434

It's a little confusing, but I think that CVE-2022-37434 does affect existing zlib releases - at least the patch does apply. My reading was that the upstream comment was referring to the *fix* (and thus the additional segfault issue that it introduced) was not yet in any zlib release.

A look around suggests Ubuntu is treating CVE-2022-37434 as needing to be fixed at least.

Cheers
Paul
