Arch Linux


FS#75521 - [zlib] [security] CVE-2022-37434

Attached to Project: Arch Linux
Opened by mysta (mysta) - Friday, 05 August 2022, 16:03 GMT
Last edited by Toolybird (Toolybird) - Sunday, 07 August 2022, 06:26 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Assigned
Assigned To: Pierre Schmitz (Pierre)
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 0%
Votes: 0
Private: No

Details

Description:
The zlib package is vulnerable to CVE-2022-37434. The attached diff adds the upstream commit to fix it.

Additional info:
https://vuldb.com/?id.205660
https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1

Comment by mysta (mysta) - Monday, 08 August 2022, 18:17 GMT
Updated patch with another upstream commit to fix an issue with the original commit.

Comment by Pierre Schmitz (Pierre) - Wednesday, 10 August 2022, 07:46 GMT
I'll likely wait for a new upstream release rather than cherry-picking single patches. See comment by upstream developer: https://github.com/madler/zlib/issues/686#issuecomment-1208448043
