[Bug 1988548] Re: Missing fix for CVE-2022-37434 in zlib1g in focal and jammy
Rodrigo Figueiredo Zaiden
1988548 at bugs.launchpad.net
Fri Oct 14 21:53:49 UTC 2022
** Changed in: zlib (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to zlib in Ubuntu.
https://bugs.launchpad.net/bugs/1988548
Title:
Missing fix for CVE-2022-37434 in zlib1g in focal and jammy
Status in zlib package in Ubuntu:
In Progress
Bug description:
There is a crictical security issue with zlib tracked here [1]
The newest version in bionic [2] already has a security patch for it
but the one in the focal [3] (and jammy) does not. As can be seen from
their respective changelogs in the right hand side panel.
Since zlib is loaded by lots of software, e.g. the apache weg server,
this could be a problem. It seems that focal, jammy and bionic use the
same base zlib version (1.2.11), so maybe the patch there could be
recycled?
I was asked to create a bug here after asking it as question here [4].
Thank you very much for your hard work!
[1] CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-37434
[2] Bionic Package: https://packages.ubuntu.com/bionic/zlib1g
[3] Focal Package: https://packages.ubuntu.com/focal/zlib1g
[4] Original Question: https://answers.launchpad.net/ubuntu/+source/zlib/+question/703010
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zlib/+bug/1988548/+subscriptions
More information about the foundations-bugs
mailing list