On Tue, 1 Nov 2022 at 06:59, Nick Howitt via epel-devel < epel-devel@lists.fedoraproject.org> wrote:
> Yesterday, ClamAV announced CVE-2022-37434 as critical ( > https://blog.clamav.net/2022/10/new-packages-for-clamav-01037-01044.html). > Redhat only seem to classify the issue as Moderate in EL7 - > https://access.redhat.com/security/cve/cve-2022-37434. It looks like > that, unless Redhat classify it as Critical, zlib and zlib-devel won't get > updated so ClamAV can't be rebuilt against the updated zlib-devel. What is > the EPEL take on the issue? > Well if the EL7 in the base operating system is not getting updated, then any rebuild by EPEL is not going to see a 'fixed' version. It isn't just zlib-devel which would need to be fixed but the zlib libraries that clamav needs to link to on a system. This problem isn't new and is common when any RHEL reaches its '2 years until expiration'. We usually see more software where the upstream vendor believes a problem is critical but the OS vendor does not in the oldest version. This being a volunteer organization, we generally have to go with what copious free time allows which is usually nil and nothing. > _______________________________________________ > epel-devel mailing list -- epel-devel@lists.fedoraproject.org > To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > -- Stephen Smoogen, Red Hat Automotive Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren
_______________________________________________ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue