You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
All package builds use the official distros, so the version of the shipped libs will always match those on vanilla Debian/Ubuntu/RHEL. The zip and tarballs are currently (20240404) built on RHEL7. So the versions are:
Describe the solution you'd like
I've noticed that the
linuxfabrik-monitoring-plugins
deb package version2023112901-1
containsliblzma.so.5
.Which version of
liblzma
is this? I would like to confirm that this library file is not vulnerable to CVE-2024-3094.https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
https://access.redhat.com/security/cve/CVE-2024-3094
https://nvd.nist.gov/vuln/detail/CVE-2024-3094
https://security-tracker.debian.org/tracker/CVE-2024-3094
https://lists.debian.org/debian-security-announce/2024/msg00057.html
Additional context
No response
The text was updated successfully, but these errors were encountered: