From: Paul Barker <paul@pbarker.dev>
To: "Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at
Cisco)" <sudumbha@cisco.com>,
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][scarthgap][PATCH] perl: link to the system zlib instead of a vendored copy
Date: Thu, 14 May 2026 12:00:01 +0100 [thread overview]
Message-ID: <c10eec7c9793593287d92fdde936f51cd690fb00.camel@pbarker.dev> (raw)
In-Reply-To: <20260514103317.3959488-1-sudumbha@cisco.com>
[-- Attachment #1: Type: text/plain, Size: 959 bytes --]
On Thu, 2026-05-14 at 03:33 -0700, Sudhir Dumbhare -X (sudumbha - E
INFOCHIPS PRIVATE LIMITED at Cisco) wrote:
> From: Ross Burton <ross.burton@arm.com>
>
> The perl module Compress-Raw-Zlib defaults to using a vendored copy of
> the zlib sources which has a number of CVEs. A newer version of perl
> updates this to zlib 1.3.2 to resolve them, but we should be linking to
> our zlib recipe instead of the vendored code.
>
> This mitigates CVE-2026-4176 so mark it as not appropriate.
>
> Signed-off-by: Ross Burton <ross.burton@arm.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> (cherry picked from commit bf515229043685d4f00c965eb3e0236c37b6b403)
> Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Hi Sudhir,
The description in the commit message applies to Perl 5.42.0 in our
master branch, have you confirmed this this is also valid for Perl
5.38.x on Scarthgap?
Thanks,
--
Paul Barker
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 252 bytes --]
prev parent reply other threads:[~2026-05-14 11:00 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-14 10:33 [OE-core][scarthgap][PATCH] perl: link to the system zlib instead of a vendored copy Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-05-14 11:00 ` Paul Barker [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c10eec7c9793593287d92fdde936f51cd690fb00.camel@pbarker.dev \
--to=paul@pbarker.dev \
--cc=openembedded-core@lists.openembedded.org \
--cc=sudumbha@cisco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.