We have rated these vulnerabilities as being "low" priority as the undefined behaviour doesn't affect binaries built with gcc.
We will include them in a zlib security update if more important issues need to be addressed. https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9840.html https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9841.html https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9842.html https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9843.html ** Changed in: zlib (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1729414 Title: zlib package in Ubuntu 14.04 LTS (Trusty) has not received patches for critical/high CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zlib/+bug/1729414/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
