Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#75521 - [zlib] [security] CVE-2022-37434
Attached to Project: Arch Linux
Opened by mysta (mysta) - Friday, 05 August 2022, 16:03 GMT
Last edited by Toolybird (Toolybird) - Sunday, 07 August 2022, 06:26 GMT
Details

Description:
The zlib package is vulnerable to CVE-2022-37434. The attached diff adds the upstream commit to fix it.

Additional info:
https://vuldb.com/?id.205660
https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1

Updated patch with another upstream commit to fix an issue with the original commit.

I'll likely wait for a new upstream release rather than cherry-picking single patches. See comment by upstream developer: https://github.com/madler/zlib/issues/686#issuecomment-1208448043