Issue metadata
Sign in to add a comment
|
CrOS: Vulnerability reported in sys-libs/zlib |
||||||||||||||||||||||
Issue descriptionAutomated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package. Package Name: sys-libs/zlib Package Version: [cpe:/a:gnu:zlib:1.2.8] Advisory: CVE-2016-9841 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9841 CVSS severity score: 7.5/10.0 Confidence: high Description: inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Advisory: CVE-2016-9843 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9843 CVSS severity score: 7.5/10.0 Confidence: high Description: The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
,
Jun 6 2017
,
Jun 6 2017
I believe +andreyu is already working on updating zlib
,
Jun 6 2017
,
Jun 6 2017
,
Jun 6 2017
This bug requires manual review: Request affecting a post-stable build Please contact the milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), gkihumba@(ChromeOS), Abdul Syed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 7 2017
,
Jun 9 2017
59 just went stable. Is this urgent? If not, please target 60
,
Jun 16 2017
,
Sep 13 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 22 2018
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mbarbe...@chromium.org
, Jun 6 2017Labels: Security_Severity-High Security_Impact-Stable
Owner: benchan@chromium.org
Status: Assigned (was: Untriaged)