Hi Nick,
On 4/8/22 14:36, Nick Clifton wrote:
Hi Luis,
There is a CVE [1] for zlib < 1.2.12 (released march 27th).
GCC currently uses zlib 1.2.11, and binutils-gdb imports the zlib
directory from GCC. The recommendation is to get it updated to 1.2.12,
which contains the proper fix [2].
I am all for updating the binutils-gdb copy of zlib. I will wait a
couple of
days to see if anyone else has any comments or concerns, but if not, then I
will apply the patches myself.
I did a quick check and there seems to be some differences between gcc's
zlib subdir and binutils-gdb's zlib subdir. I think there has been some
fixes that we may have to port over from our current zlib subdir. I
tried simply replacing the subdir, but that didn't work right.