On Tue, 2022-11-01 at 10:50 +0000, Nick Howitt via epel-devel wrote: > Yesterday, ClamAV announced CVE-2022-37434 as critical > (https://blog.clamav.net/2022/10/new-packages-for-clamav-01037-01044. > html). Redhat only seem to classify the issue as Moderate in EL7 - > https://access.redhat.com/security/cve/cve-2022-37434. It looks like > that, unless Redhat classify it as Critical, zlib and zlib-devel > won't get updated so ClamAV can't be rebuilt against the updated > zlib-devel. What is the EPEL take on the issue? we build clamav from the sources , no bundles evolved , we use system zlib and libxml2 -- Sérgio M. B. _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
