CVE in zlib bundled in BackupPC-XS #9

Open
hobbes1069 opened this issue Aug 9, 2022 · 2 comments

Comments

@hobbes1069

Meant to post the other on here instead of main backuppc...

https://bugzilla.redhat.com/show_bug.cgi?id=2067945

Upstream fix in 1.2.12
madler/zlib@5c44459

@xtaran

xtaran commented Oct 14, 2022

If BackupPC::XS didn't bundle zlib code but relied on distributions to provide and update the zlib packages, this wouldn't be an issue at all.

Actually Debian patches out the usage of the embedded zlib copy in their libbackuppc-xs-perl package for exactly that reason.

So please just drop the embedded zlib code and list it as a build dependency.
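An added example, not part of the thread or of the BackupPC-XS code base: a small scanner that a packager could run over an unpacked source tree to find embedded zlib copies older than the 1.2.12 release named above. It relies on the `ZLIB_VERSION` macro that zlib defines in `zlib.h`; the function names and the command-line usage are assumptions made for this example.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 2, 12)  # first upstream zlib release carrying the fix, per the issue
VERSION_RE = re.compile(r'^\s*#\s*define\s+ZLIB_VERSION\s+"([^"]+)"', re.M)


def parse_version(text):
    """Turn '1.2.11' or '1.2.11.1-motley' into a tuple of its leading integers."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_older(version):
    """True if the version predates FIXED; unparseable strings are flagged too."""
    parsed = parse_version(version)
    return not parsed or parsed < FIXED


def find_bundled_zlib(root):
    """Return [(path, version, older_than_fix)] for every zlib.h below root."""
    hits = []
    for header in sorted(Path(root).rglob("zlib.h")):
        try:
            text = header.read_text(errors="replace")
        except OSError:
            continue
        m = VERSION_RE.search(text)
        if m:  # skip unrelated files that merely share the name
            hits.append((header, m.group(1), is_older(m.group(1))))
    return hits


if __name__ == "__main__":
    results = find_bundled_zlib(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, old in results:
        print(f"{'OUTDATED' if old else 'ok':8} zlib {version:12} {path}")
    # Non-zero exit lets a CI or packaging job fail on an outdated embedded copy.
    sys.exit(1 if any(old for _, _, old in results) else 0)
```

The version string is only a heuristic: a vendored copy can carry a backported patch without changing `ZLIB_VERSION`, so a flagged copy still needs a look at the source.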

@Neustradamus

To follow this ticket
