Bug 891309

Summary: dev-db/mysql-workbench: zlib vulnerability (Oracle CPU Jan 2023)
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: normal
CC: graaff
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://www.oracle.com/security-alerts/cpujan2023.html#AppendixMSQL
Whiteboard: ??
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-18 14:48:55 UTC
CVE-2022-37434 (https://github.com/ivd38/zlib_overflow):

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Does mysql-workbench bundle zlib in Gentoo?
Comment 1 Hans de Graaff gentoo-dev Security 2023-01-20 08:31:14 UTC
(In reply to John Helmert III from comment #0)

> Does mysql-workbench bundle zlib in Gentoo?

No. In fact, I can't find where or how it would be used. It looks like that is only included in the Windows ebuilds.

In any case I've just added mysql-workbench-8.0.32.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-23 03:14:02 UTC
(In reply to Hans de Graaff from comment #1)
> (In reply to John Helmert III from comment #0)
> 
> > Does mysql-workbench bundle zlib in Gentoo?
> 
> No. In fact, I can't find where or how it would be used. It looks like that
> is only included in the Windows ebuilds.

Curious!

> In any case I've just added mysql-workbench-8.0.32.

Thanks! I'll just invalid this bug as we're not affected.
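
The two triage questions in this thread (is an affected zlib bundled, and is inflateGetHeader ever called) can be checked against an unpacked source tree. The sketch below is an added example, not part of the bug report or of Gentoo's tooling; the sample tree, its file names and the function names are constructed for illustration, and the version bound comes from the CVE text quoted in the description.

```python
import re
import tempfile
from pathlib import Path

AFFECTED_MAX = (1, 2, 12)  # "zlib through 1.2.12", per the CVE text quoted above
VERSION_RE = re.compile(r'#\s*define\s+ZLIB_VERSION\s+"(\d+(?:\.\d+)*)')
CALL_RE = re.compile(r"\binflateGetHeader\s*\(")
SOURCES = {".c", ".cc", ".cpp", ".cxx", ".h", ".hpp"}

def triage(root):
    """Find bundled zlib copies and inflateGetHeader call sites under root."""
    root = Path(root)
    bundled = {}  # directory holding a bundled zlib.h -> (version string, affected?)
    for header in sorted(root.rglob("zlib.h")):
        m = VERSION_RE.search(header.read_text(errors="replace"))
        if m:
            ver = tuple(int(p) for p in m.group(1).split("."))
            bundled[header.parent] = (m.group(1), ver <= AFFECTED_MAX)
    callers = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix not in SOURCES:
            continue
        # zlib defines inflateGetHeader in its own inflate.c; skip bundled copies.
        if any(d == path.parent or d in path.parent.parents for d in bundled):
            continue
        if CALL_RE.search(path.read_text(errors="replace")):
            callers.append(path.relative_to(root).as_posix())
    affected = [f"{d.relative_to(root).as_posix()} ({v})"
                for d, (v, bad) in bundled.items() if bad]
    verdict = "no affected bundled zlib"
    if affected:
        verdict = "affected bundled zlib, inflateGetHeader "
        verdict += "called" if callers else "not called"
    return {"bundled_affected": affected, "callers": callers, "verdict": verdict}

def build_sample_tree(root, zlib_version="1.2.11", with_caller=True):
    """Constructed sample source tree (hypothetical names, not mysql-workbench)."""
    root = Path(root)
    (root / "ext/zlib").mkdir(parents=True)
    (root / "src").mkdir()
    (root / "ext/zlib/zlib.h").write_text(f'#define ZLIB_VERSION "{zlib_version}"\n')
    (root / "ext/zlib/inflate.c").write_text("int inflateGetHeader(strm, head) {}\n")
    body = "inflateGetHeader(&strm, &hdr);\n" if with_caller else "inflate(&strm, 0);\n"
    (root / "src/import.c").write_text(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample_tree(tmp)))
```

A "no affected bundled zlib" verdict only covers vendored copies; a package that links the system zlib inherits whatever version the system package provides. The call-site match is textual, so a hit inside a comment still needs a manual look.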