Issue metadata
Sign in to add a comment
|
CrOS: Vulnerability reported in sys-libs/zlib |
||||||||||||||||||||||
Issue descriptionAutomated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package. Package Name: sys-libs/zlib Package Version: [cpe:/a:gnu:zlib:1.2.8] Advisory: CVE-2016-9840 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9840 CVSS severity score: 6.8/10.0 Confidence: high Description: inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Advisory: CVE-2016-9842 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9842 CVSS severity score: 6.8/10.0 Confidence: high Description: The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
,
Jun 6 2017
,
Jun 6 2017
,
Jun 6 2017
,
Jun 6 2017
,
Jun 6 2017
,
Jun 6 2017
This bug requires manual review: Request affecting a post-stable build Please contact the milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), gkihumba@(ChromeOS), Abdul Syed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 6 2017
off hand, i can't think of places where zlib is used on the system side that is directly exposed to user input, so backporting to M-59 might not be worth the hassle ... we should do M-60 though.
,
Jun 7 2017
,
Jun 7 2017
Your change meets the bar and is auto-approved for M60. Please go ahead and merge the CL to branch 3112 manually. Please contact milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), josafat@(ChromeOS), bustamante@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 9 2017
M59 just went stable. If there's no urgency for this merge, punting it to M60
,
Jun 12 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 15 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 15 2017
,
Jun 16 2017
,
Sep 13 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 22 2018
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mbarbe...@chromium.org
, Jun 6 2017Labels: Security_Severity-High Security_Impact-Stable
Owner: benchan@chromium.org
Status: Assigned (was: Untriaged)