We have rated these vulnerabilities as being "low" priority as the
undefined behaviour doesn't affect binaries built with gcc.
We will include them in a zlib security update if more important issues
need to be addressed.
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9840.html
This also appears to be the case in 16.04 LTS.
** Tags added: xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1729414
Title:
zlib package in Ubuntu 14.04 LTS (Trusty) has not received patches
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: zlib (Ubuntu)
Status: New => Confirmed
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9840
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9841
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9842
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9843
** Tags added: trusty
** Description changed:
The current package available to 14.04/trusty is 1:1.2.8.dfsg-1ubuntu1
which does not have the upstream fixes for the following CVEs:
- * CVE-2016-9840 (high)
- * CVE-2016-9841 (critical)
- * CVE-2016-9842 (high)
- * CVE-2016-9843 (critical
+