Hi,
Recently we found a vulnerability related to zlib in 3.18.3 and 3.18.4. These two versions are almost the latest versions. Could you please let us know by when a new version will get released with the zlib patch?
Thanks,
Alekh
we do, it is a dependency of a few packages, including chromium
https://pkgs.alpinelinux.org/packages?name=minizip&branch=edge&repo=&arch=&maintainer=
there also is a fork of it packaged, I think this should be checked too, but that's in testing
https://pkgs.alpinelinux.org/packages?name=minizip-ng&branch=edge&repo=&arch=&maintainer=
Natanael Copa <ncopa@alpinelinux.org> wrote on 20 October 2023 10:50:06 CEST:
>On Fri, 20 Oct 2023 08:12:04 +0000
>"Alekh Kanubothula (Nokia)" <alekh.kanubothula@nokia.com> wrote:
>
>> Hi ,
>>
>> Recently we found vulnerability related to zlib in 3.18.3 and 3.18.4.
>> These two versions are almost latest versions. Could you please let
>> us know by when a new version will get released with the zlib patch ?
>
>Hi,
>
>This vulnerability is in contrib/minizip.
>https://nvd.nist.gov/vuln/detail/CVE-2023-45853
>
>The fix also confirms that this is a problem in contrib/minizip/zip.c:
>https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c
>
>To my knowledge we never built this binary or shipped it in any package,
>ever, so there is nothing for us to fix.
>
>https://pkgs.alpinelinux.org/contents?file=minizip&path=&name=&branch=edge
>
>Thanks!
>
>-nc
--
lauren n. liberda
it/she