Missing fix for CVE-2022-37434 in zlib1g in focal and jammy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
zlib (Ubuntu) | Fix Released | Undecided | Rodrigo Figueiredo Zaiden | | |
Bug Description
There is a critical security issue with zlib tracked here [1].
The newest version in bionic [2] already has a security patch for it, but the one in focal [3] (and jammy) does not, as can be seen from their respective changelogs in the right-hand side panel.
Since zlib is loaded by lots of software, e.g. the Apache web server, this could be a problem. It seems that focal, jammy and bionic use the same base zlib version (1.2.11), so maybe the patch there could be recycled?
I was asked to create a bug here after asking it as a question here [4].
Thank you very much for your hard work!
[1] CVE: https:/
[2] Bionic Package: https:/
[3] Focal Package: https:/
[4] Original Question: https:/
CVE References
Changed in zlib (Ubuntu): | |
assignee: | nobody → Rodrigo Figueiredo Zaiden (rodrigo-zaiden) |
Changed in zlib (Ubuntu): | |
status: | Confirmed → In Progress |
Status changed to 'Confirmed' because the bug affects multiple users.