On Tue, 2022-11-01 at 10:50 +0000, Nick Howitt via epel-devel wrote:
Yesterday, ClamAV announced CVE-2022-37434 as critical
(
https://blog.clamav.net/2022/10/new-packages-for-clamav-01037-01044.
html). Redhat only seem to classify the issue as Moderate in EL7 -
https://access.redhat.com/security/cve/cve-2022-37434. It looks like
that, unless Redhat classify it as Critical, zlib and zlib-devel
won't get updated so ClamAV can't be rebuilt against the updated
zlib-devel. What is the EPEL take on the issue?
we build clamav from the sources , no bundles evolved , we use system
zlib and libxml2
--
Sérgio M. B.