On Sun, Aug 14, 2022 at 7:32 PM Paul Eggleton <[email protected]> wrote:

> On Monday, 15 August 2022 10:20:30 NZST Khem Raj wrote:
> > This is only seen in development branch as per [1]
> >
> > [1]
> > https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1#commitcomment-80753451 CVE: CVE-2022-37434
>
> It's a little confusing, but I think that CVE-2022-37434 does affect existing
> zlib releases - at least the patch does apply. My reading was that the
> upstream comment was referring to the *fix* (and thus the additional segfault
> issue that it introduced) was not yet in any zlib release. A look around
> suggests Ubuntu is treating CVE-2022-37434 as needing to be fixed at least.

Yeah, I think I missed the second-last and last comments, which clear it up.
So we still need those two fixes to address the CVE.

> Cheers
> Paul
View/Reply Online (#169347): https://lists.openembedded.org/g/openembedded-core/message/169347
