CVE-2022-37434 patch #13
Conversation
|
@katietz @tobijk @chenghlee @remkade Can we merge this asap? Unfortunately, this CVE has a rating of 9.8 :( |
|
@jharlow-intel thanks for the PR! |
|
Friendly ping :) |
|
Looks like we need to tweak the patch to apply cleanly. |
|
@tobijk Thanks for replying! :O oh no! I'll see what needs to get done asap! |
|
Since I don't have write-permissions to downstream repo, I created another PR with the tweak: #14 |
|
There are some reservations here about applying this patch as is after this issue with libcurl turned up. |
|
@tobijk actually, we didn't get the original patch for that reason (which is why the patch had not cleanly applied). This patch actually includes the fix that had appeared in libcurl: madler/zlib@1eb7682. Hopefully that addresses some concerns. |
|
We would like to do some internal testing and validation before applying a patch here. We're monitoring a few external discussions that make us want to be cautious. |
|
@remkade sounds like a plan! |
|
Closing; superseded by #15 |
Greetings!
https://nvd.nist.gov/vuln/detail/CVE-2022-37434
Upstream commit: madler/zlib@1eb7682
@AndresGuzman-Ballen