Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#75521 - [zlib] [security] CVE-2022-37434
Attached to Project:
Arch Linux
Opened by mysta (mysta) - Friday, 05 August 2022, 16:03 GMT
Last edited by Toolybird (Toolybird) - Sunday, 07 August 2022, 06:26 GMT
Opened by mysta (mysta) - Friday, 05 August 2022, 16:03 GMT
Last edited by Toolybird (Toolybird) - Sunday, 07 August 2022, 06:26 GMT
|
DetailsDescription:
The zlib package is vulnerable to CVE-2022-37434. The attached diff adds the upstream commit to fix it. Additional info: https://vuldb.com/?id.205660 https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 
zlib.diff
(1.3 KiB)
|
This task depends upon
Comment by mysta (mysta) -
Monday, 08 August 2022, 18:17 GMT
Updated patch with another upstream commit to fix an issue with the original commit.
zlib.diff
(1.6 KiB)
Comment by Pierre Schmitz (Pierre) -
Wednesday, 10 August 2022, 07:46 GMT
I'll likely wait for a new upstream release than cherry-picking single patches.See comment by upstream developer: https://github.com/madler/zlib/issues/686#issuecomment-1208448043