
cve: Update lzma to 5.4.4 #8135

Merged: Smjert merged 1 commit into osquery:master from stefano/cve/update-lzma-5.4.4 on Sep 13, 2023

Conversation

Smjert (Member) commented Sep 12, 2023:

  • The update might resolve CVE-2020-22916, but upstream has no information on the CVE details
  • Update documentation to mention that CentOS 7 should be used to configure libraries

Related to #8120

@Smjert Smjert added the libraries (For things referring to osquery third party libraries) and cve labels Sep 12, 2023
@Smjert Smjert requested review from a team as code owners September 12, 2023 18:18
@Smjert Smjert added this to the 5.10.0 milestone Sep 12, 2023
@@ -18,7 +18,7 @@
url = https://github.com/arangodb/linenoise-ng
[submodule "libraries/cmake/source/lzma/src"]
path = libraries/cmake/source/lzma/src
url = https://github.com/xz-mirror/xz
url = https://github.com/tukaani-project/xz.git
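Review bot: this hunk only swaps the remote for the lzma submodule; nothing in these lines moves the gitlink to a 5.4.4 commit, so confirm the pinned submodule commit is the one tagged for 5.4.4 in tukaani-project/xz before relying on the version bump the title announces. Also note that changing `url` in .gitmodules does not update existing checkouts: contributors need `git submodule sync -- libraries/cmake/source/lzma/src` before `git submodule update` will fetch from the new remote, which is worth one line in the library-configuration documentation this PR already touches.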
Member (reviewer) commented on the diff:
I assume this is a legit org?

Smjert (Member, Author) replied Sep 12, 2023:

Yes, it was already in our libraries manifest: https://github.com/osquery/osquery/blob/master/libraries/third_party_libraries_manifest.json. Also, if you check the About on the top right of the old xz-mirror, they have archived it and moved to that other repo.
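The check the reviewer is asking for above (is the submodule remote the one the project's own manifest declares?) can be automated rather than eyeballed on GitHub. The following is an added example and not osquery's code: it parses a .gitmodules file, normalises remote spellings (https vs. ssh, with or without `.git`) and flags any submodule whose remote is absent from a manifest allowlist. The manifest layout used here (library name to upstream URL) is an assumption, since the real third_party_libraries_manifest.json is not reproduced on this page; the .gitmodules fragments are constructed from the hunk in this PR.

```python
"""Cross-check .gitmodules remotes against a declared third-party manifest."""
import re
from urllib.parse import urlparse

# Constructed input modelled on the hunk in this PR: the pre-change .gitmodules.
OLD_GITMODULES = (
    '[submodule "libraries/cmake/source/linenoise-ng/src"]\n'
    "\tpath = libraries/cmake/source/linenoise-ng/src\n"
    "\turl = https://github.com/arangodb/linenoise-ng\n"
    '[submodule "libraries/cmake/source/lzma/src"]\n'
    "\tpath = libraries/cmake/source/lzma/src\n"
    "\turl = https://github.com/xz-mirror/xz\n"
)

# The post-change file: only the lzma remote differs, exactly as in the diff.
NEW_GITMODULES = OLD_GITMODULES.replace(
    "https://github.com/xz-mirror/xz", "https://github.com/tukaani-project/xz.git"
)

# Constructed manifest. Its shape (name -> upstream URL) is an assumption made for
# this example; the real manifest file is not shown on this page.
MANIFEST = {
    "linenoise-ng": "https://github.com/arangodb/linenoise-ng",
    "lzma": "https://github.com/tukaani-project/xz",
}


def parse_gitmodules(text):
    """Return {submodule path: url} from .gitmodules text.

    Hand-rolled because git indents keys with a tab and configparser would
    treat those indented lines as continuations of the previous value.
    """
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        section = re.fullmatch(r'\[submodule\s+"(.+)"\]', line)
        if section:
            current = {}
            entries[section.group(1)] = current
            continue
        if current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return {e["path"]: e["url"] for e in entries.values() if "path" in e and "url" in e}


def normalize_remote(url):
    """Reduce https, ssh and scp-style remotes to host/owner/repo (lowercase, no .git)
    so that equivalent spellings of the same repository compare equal."""
    scp = re.fullmatch(r"(?:[\w.-]+@)?([\w.-]+):([^/].*)", url)
    if scp and "://" not in url:
        host, path = scp.group(1), scp.group(2)
    else:
        parsed = urlparse(url)
        host, path = parsed.hostname or "", parsed.path
    path = path.strip("/")
    if path.endswith(".git"):
        path = path[:-4]
    return f"{host.lower()}/{path.lower()}"


def check_submodules(gitmodules_text, manifest):
    """Return [(submodule path, url)] for every remote not declared in the manifest."""
    allowed = {normalize_remote(u) for u in manifest.values()}
    return [
        (path, url)
        for path, url in parse_gitmodules(gitmodules_text).items()
        if normalize_remote(url) not in allowed
    ]


if __name__ == "__main__":
    for label, text in (("before", OLD_GITMODULES), ("after", NEW_GITMODULES)):
        findings = check_submodules(text, MANIFEST)
        print(f"{label}: {'OK' if not findings else findings}")
```

Run against the pre-change file the lzma submodule is reported (xz-mirror is not the remote the manifest declares); against the post-change file nothing is reported, because `tukaani-project/xz.git` normalises to the manifest's `tukaani-project/xz`. In CI this is the kind of check that makes a quiet remote swap in .gitmodules fail review automatically instead of depending on someone noticing it.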

Smjert (Member, Author) commented Sep 12, 2023:

Also my bad, I forgot that we are not sure if updating actually fixes the issue; I've changed the description in the PR so it doesn't close the issue, and I'll now update the commit message.

- The update might resolve CVE-2020-22916,
  but upstream has no information on the CVE details
- Update documentation to mention that CentOS 7 should be used to
  configure libraries
@Smjert Smjert force-pushed the stefano/cve/update-lzma-5.4.4 branch from ec8816e to 1fc7005 September 12, 2023 19:34
@Smjert Smjert merged commit 9dea25e into osquery:master Sep 13, 2023
16 checks passed
@Smjert Smjert deleted the stefano/cve/update-lzma-5.4.4 branch September 13, 2023 11:16