Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 891309 - dev-db/mysql-workbench: zlib vulnerability (Oracle CPU Jan 2023)
Summary: dev-db/mysql-workbench: zlib vulnerability (Oracle CPU Jan 2023)
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.oracle.com/security-alert...
Whiteboard: ??
Keywords:
Depends on:
Blocks:
 
Reported: 2023-01-18 14:48 UTC by John Helmert III
Modified: 2023-01-23 03:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-18 14:48:55 UTC 
CVE-2022-37434 (https://github.com/ivd38/zlib_overflow):

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Does mysql-workbench bundle zlib in Gentoo?
Comment 1 Hans de Graaff gentoo-dev Security 2023-01-20 08:31:14 UTC 
(In reply to John Helmert III from comment #0)

> Does mysql-workbench bundle zlib in Gentoo?

No. In fact, I can't find where or how it would be used. It looks like that is only included in the Windows ebuilds.

In any case I've just added mysql-workbench-8.0.32.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-23 03:14:02 UTC 
(In reply to Hans de Graaff from comment #1)
> (In reply to John Helmert III from comment #0)
> 
> > Does mysql-workbench bundle zlib in Gentoo?
> 
> No. In fact, I can't find where or how it would be used. It looks like that
> is only included in the Windows ebuilds.

Curious!

> In any case I've just added mysql-workbench-8.0.32.

Thanks! I'll just invalid this bug as we're note affected.