[Bug 1208103] New: zlib 1.2.5 matched in python3-base-3.6.15-150300.10.37.2.x86_64.rpm
https://bugzilla.suse.com/show_bug.cgi?id=1208103 Bug ID: 1208103 Summary: zlib 1.2.5 matched in python3-base-3.6.15-150300.10.37.2.x86_64.rpm Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Development Assignee: screening-team-bugs@suse.de Reporter: simonalogan@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Our security scanning tool has matched zlib 1.2.5 in python3-base-3.6.15-150300.10.37.2.x86_64.rpm as follows. Full File Path python3-base-3.6.15-150300.10.37.2.x86_64.rpm/usr/lib64/python3.6/distutils/command/wininst-10.0-amd64.exe Signature 0:"inflate 1.2.5 Copyright 1995-2010 Mark Adler" Full File Path python3-base-3.6.15-150300.10.37.2.x86_64.rpm/usr/lib64/python3.6/distutils/command/wininst-10.0.exe Signature 0:"inflate 1.2.5 Copyright 1995-2010 Mark Adler" There are a number of high severity CVEs associated with zlib 1.2.5. Is it possible to have this updated? Thanks, Simon -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208103 https://bugzilla.suse.com/show_bug.cgi?id=1208103#c1 Simon Logan <simonalogan@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|zlib 1.2.5 matched in |zlib 1.2.5 and 1.2.8 |python3-base-3.6.15-150300. |matched in |10.37.2.x86_64.rpm |python3-base-3.6.15-150300. | |10.37.2.x86_64.rpm --- Comment #1 from Simon Logan <simonalogan@gmail.com> --- Also findings for zlib 1.2.8 Full File Path /6.2.0.266/nvr/x86_64/python3-base-3.6.15-150300.10.37.2.x86_64.rpm/usr/lib64/python3.6/distutils/command/wininst-14.0-amd64.exe Signature 0:"inflate 1.2.8 Copyright 1995-2013 Mark Adler" Full File Path /6.2.0.266/nvr/x86_64/python3-base-3.6.15-150300.10.37.2.x86_64.rpm/usr/lib64/python3.6/distutils/command/wininst-14.0.exe Signature 0:"inflate 1.2.8 Copyright 1995-2013 Mark Adler" -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208103 Simon Logan <simonalogan@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Development |Security Assignee|screening-team-bugs@suse.de |security-team@suse.de -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208103 https://bugzilla.suse.com/show_bug.cgi?id=1208103#c2 --- Comment #2 from Simon Logan <simonalogan@gmail.com> --- Also findings for zlib 1.2.3 Full File Path /6.2.0.266/nvr/x86_64/python3-base-3.6.15-150300.10.37.2.x86_64.rpm/usr/lib64/python3.6/distutils/command/wininst-6.0.exe Signature 0:"inflate 1.2.3 Copyright 1995-2005 Mark Adler" Full File Path /6.2.0.266/nvr/x86_64/python3-base-3.6.15-150300.10.37.2.x86_64.rpm/usr/lib64/python3.6/distutils/command/wininst-7.1.exe Signature 0:"inflate 1.2.3 Copyright 1995-2005 Mark Adler" Full File Path /6.2.0.266/nvr/x86_64/python3-base-3.6.15-150300.10.37.2.x86_64.rpm/usr/lib64/python3.6/distutils/command/wininst-8.0.exe Signature 0:"inflate 1.2.3 Copyright 1995-2005 Mark Adler" Full File Path /6.2.0.266/nvr/x86_64/python3-base-3.6.15-150300.10.37.2.x86_64.rpm/usr/lib64/python3.6/distutils/command/wininst-9.0-amd64.exe Signature 0:"inflate 1.2.3 Copyright 1995-2005 Mark Adler" Full File Path /6.2.0.266/nvr/x86_64/python3-base-3.6.15-150300.10.37.2.x86_64.rpm/usr/lib64/python3.6/distutils/command/wininst-9.0.exe Signature 0:"inflate 1.2.3 Copyright 1995-2005 Mark Adler" -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com