Closed SoftwareGuyRob closed 5 months ago
Very closely related to this issue: https://github.com/microsoft/perfview/issues/1659
The new msdia file no longer has the vulnerability in the previous issue, but it does have a new one. https://nvd.nist.gov/vuln/detail/CVE-2023-45853
Microsoft.Diagnostics.Tracing.TraceEvent includes msdia140.dll as part of the nuget package. That dll has vulnerability CVE-2023-45853 as it includes zlib.
Can you please fix?
Hi, msdia140 is not affected by CVE-2023-45853.
Very closely related to this issue: https://github.com/microsoft/perfview/issues/1659
The new msdia file no longer has the vulnerability in the previous issue, but it does have a new one. https://nvd.nist.gov/vuln/detail/CVE-2023-45853
Microsoft.Diagnostics.Tracing.TraceEvent includes msdia140.dll as part of the nuget package. That dll has vulnerability CVE-2023-45853 as it includes zlib.
Can you please fix?