Source: zlib Version: 1:1.2.11.dfsg-4 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 1:1.2.11.dfsg-1 Control: found -1 1:1.2.11.dfsg-2+deb11u1
Hi, The following vulnerability was published for zlib. CVE-2022-37434[0]: | zlib through 1.2.12 has a heap-based buffer over-read or buffer | overflow in inflate in inflate.c via a large gzip header extra field. | NOTE: only applications that call inflateGetHeader are affected. Some | common applications bundle the affected zlib source code but may be | unable to call inflateGetHeader (e.g., see the nodejs/node reference). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-37434 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434 [1] https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 [2] https://github.com/ivd38/zlib_overflow Please adjust the affected versions in the BTS as needed. Regards, Salvatore
