I manually installed the fixed zlib from kinetic. So far it is working. Could someone put it in proposed for focal and jammy so it will be on the livecd's?
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zlib in Ubuntu. https://bugs.launchpad.net/bugs/1988548 Title: Missing fix for CVE-2022-37434 in zlib1g in focal and jammy Status in zlib package in Ubuntu: Confirmed Bug description: There is a crictical security issue with zlib tracked here [1] The newest version in bionic [2] already has a security patch for it but the one in the focal [3] (and jammy) does not. As can be seen from their respective changelogs in the right hand side panel. Since zlib is loaded by lots of software, e.g. the apache weg server, this could be a problem. It seems that focal, jammy and bionic use the same base zlib version (1.2.11), so maybe the patch there could be recycled? I was asked to create a bug here after asking it as question here [4]. Thank you very much for your hard work! [1] CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-37434 [2] Bionic Package: https://packages.ubuntu.com/bionic/zlib1g [3] Focal Package: https://packages.ubuntu.com/focal/zlib1g [4] Original Question: https://answers.launchpad.net/ubuntu/+source/zlib/+question/703010 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zlib/+bug/1988548/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
