[minizip] v1.3.1-2 incorrectly marked as vulnerable to CVE-2023-45853
Description:
This page says minizip 1.3.1-2 is still vulnerable to CVE-2023-45853, but a fix for that vulnerability was included in v1.3.1 and released almost a year ago.
I believe that's also what is causing arch-audit to show the same incorrect information:
$ pacman -Q minizip
minizip 1:1.3.1-2
$ arch-audit -c
minizip is affected by arbitrary code execution. (CVE-2023-45853). Critical risk!Additional info:
- package version(s): 1.3.1-2
- config and/or log files: N/A
- link to upstream bug report, if any: https://github.com/madler/zlib/issues/868