Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: zlib (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to zlib in Ubuntu.
https://bugs.launchpad.net/bugs/1988548
Title:
Missing fix for CVE-2022-37434 in zlib1g in focal and jammy
Status in zlib package in Ubuntu:
Confirmed
Bug description:
There is a crictical security issue with zlib tracked here [1]
The newest version in bionic [2] already has a security patch for it
but the one in the focal [3] (and jammy) does not. As can be seen from
their respective changelogs in the right hand side panel.
Since zlib is loaded by lots of software, e.g. the apache weg server,
this could be a problem. It seems that focal, jammy and bionic use the
same base zlib version (1.2.11), so maybe the patch there could be
recycled?
I was asked to create a bug here after asking it as question here [4].
Thank you very much for your hard work!
[1] CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-37434
[2] Bionic Package: https://packages.ubuntu.com/bionic/zlib1g
[3] Focal Package: https://packages.ubuntu.com/focal/zlib1g
[4] Original Question:
https://answers.launchpad.net/ubuntu/+source/zlib/+question/703010
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zlib/+bug/1988548/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
