opensvc / multipath-tools


Backport fix for CVE-2022-41794 #59

Closed yogi-u closed 1 year ago

yogi-u commented 1 year ago

Hi @mwilck,

We are using multipath-tools version 0.8.4, which is affected by CVE-2022-41974. The issue was fixed in multipath-tools version 0.9.2; the commit is https://github.com/opensvc/multipath-tools/commit/f812466f68b8e020818c6454d7b7a7e278bc99f6. So can we backport the CVE-2022-41974 fix to our current version 0.8.4?

Is version 0.8.4 still maintained?

Thanks

mwilck commented 1 year ago

We don't maintain stable branches for upstream multipath-tools. The closest you can get is what distributions have done for their multipath-tools packages for various releases.

For example, at SUSE, I backported the upstream fix to the SLE15-SP3 code stream, which is based on 0.8.5, here (commit date Sep. 27). For SLE15-SP2, which is based on the older 0.8.2 code, I took the simpler approach suggested by @bmarzins, basically just the 2 commits https://github.com/openSUSE/multipath-tools/commit/fbbf280a0e26026c19879d938ebb2a8200b6357c and https://github.com/openSUSE/multipath-tools/commit/92be462bb237f492a94cb0473a0bd8063a02cc2c.

mwilck commented 1 year ago

Closing.