[Bug 1729414] Re: zlib package in Ubuntu 14.04 LTS (Trusty) has not received patches for critical/high CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843

Ryan Fisher 1729414 at bugs.launchpad.net
Wed Nov 1 19:28:45 UTC 2017 

** Tags added: trusty

** Description changed:

  The current package available to 14.04/trusty is 1:1.2.8.dfsg-1ubuntu1
  which does not have the upstream fixes for the following CVEs:
  
- * CVE-2016-9840 (high)
- * CVE-2016-9841 (critical)
- * CVE-2016-9842 (high)
- * CVE-2016-9843 (critical
+ * CVE-2016-9840 (high) (https://nvd.nist.gov/vuln/detail/CVE-2016-9840)
+ * CVE-2016-9841 (critical) (https://nvd.nist.gov/vuln/detail/CVE-2016-9841)
+ * CVE-2016-9842 (high) (https://nvd.nist.gov/vuln/detail/CVE-2016-9842)
+ * CVE-2016-9843 (critical) (https://nvd.nist.gov/vuln/detail/CVE-2016-9843)
  
  Being that they are being categorized as such by NIST, it would be very
  nice to get these fixes backported to Trusty or the most recent version
  of zlib made available to Trusty.
  
  Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to zlib in Ubuntu.
https://bugs.launchpad.net/bugs/1729414

Title:
  zlib package in Ubuntu 14.04 LTS (Trusty) has not received patches for
  critical/high CVE-2016-9840, CVE-2016-9841, CVE-2016-9842,
  CVE-2016-9843

Status in zlib package in Ubuntu:
  New

Bug description:
  The current package available to 14.04/trusty is 1:1.2.8.dfsg-1ubuntu1
  which does not have the upstream fixes for the following CVEs:

  * CVE-2016-9840 (high) (https://nvd.nist.gov/vuln/detail/CVE-2016-9840)
  * CVE-2016-9841 (critical) (https://nvd.nist.gov/vuln/detail/CVE-2016-9841)
  * CVE-2016-9842 (high) (https://nvd.nist.gov/vuln/detail/CVE-2016-9842)
  * CVE-2016-9843 (critical) (https://nvd.nist.gov/vuln/detail/CVE-2016-9843)

  Being that they are being categorized as such by NIST, it would be
  very nice to get these fixes backported to Trusty or the most recent
  version of zlib made available to Trusty.

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zlib/+bug/1729414/+subscriptions

More information about the foundations-bugs mailing list