Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#67908 - [zeromq] [Security] denial of service (CVE-2020-15166)
Attached to Project:
Community Packages
Opened by Leo Dazz (leodazz) - Tuesday, 15 September 2020, 20:06 GMT
Last edited by freswa (frederik) - Wednesday, 16 September 2020, 15:41 GMT
Opened by Leo Dazz (leodazz) - Tuesday, 15 September 2020, 20:06 GMT
Last edited by freswa (frederik) - Wednesday, 16 September 2020, 15:41 GMT
|
DetailsSummary
======= The package zeromq is vulnerable to denial of service via CVE-2020-15166. Guidance ======== <Fixed in 4.4.4. Please, upgrade?> References ========== https://security.archlinux.org/AVG-1219 https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m https://github.com/zeromq/libzmq/pull/3913/commits/e7f0090b161ce6344f6bd35009816a925c070b09 https://oss-fuzz.com/testcase-detail/5707174518194176 |
This task depends upon
Closed by freswa (frederik)
Wednesday, 16 September 2020, 15:41 GMT
Reason for closing: Fixed
Additional comments about closing: 4.3.3
Wednesday, 16 September 2020, 15:41 GMT
Reason for closing: Fixed
Additional comments about closing: 4.3.3
Comment by loqs (loqs) -
Tuesday, 15 September 2020, 23:24 GMT
Is the close request for zeromq 4.3.2-3 which does not contain the fix?
pkgver.diff
(0.9 KiB)
disable-Werror.diff
(0.9 KiB)
overlinking.diff
(0.4 KiB)