[Bug 2060143] [NEW] FFe: Move fwupd to zstd instead of xz
Mario Limonciello
2060143 at bugs.launchpad.net
Wed Apr 3 15:55:06 UTC 2024
Public bug reported:
Fwupd 1.9.16 and libxmlb 0.3.16 have added support to get metadata from
LVFS using ZSTD format instead of of XZ format.
In light of CVE-2024-3094 and Ubuntu 24.04 being an LTS I wanted to
discuss considering an upgrade to libxmlb 0.3.16 and fwupd 1.9.16 to
make fwupd not use xz by default.
** Affects: fwupd (Ubuntu)
Importance: Undecided
Assignee: Mario Limonciello (superm1)
Status: Confirmed
** Affects: libxmlb (Ubuntu)
Importance: Undecided
Assignee: Mario Limonciello (superm1)
Status: Confirmed
** Also affects: libxmlb (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd in Ubuntu.
Matching subscriptions: foundations-bugs-libxmlb
https://bugs.launchpad.net/bugs/2060143
Title:
FFe: Move fwupd to zstd instead of xz
Status in fwupd package in Ubuntu:
Confirmed
Status in libxmlb package in Ubuntu:
Confirmed
Bug description:
Fwupd 1.9.16 and libxmlb 0.3.16 have added support to get metadata
from LVFS using ZSTD format instead of of XZ format.
In light of CVE-2024-3094 and Ubuntu 24.04 being an LTS I wanted to
discuss considering an upgrade to libxmlb 0.3.16 and fwupd 1.9.16 to
make fwupd not use xz by default.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/2060143/+subscriptions
More information about the foundations-bugs
mailing list