This is a demonstration of Melange's patch action, as well as how security fixes are recorded for the VEX feed.
In commit 951cbb3, a vulnerable package, zlib-1.2.11-r0 is built. It is vulnerable to CVE-2018-25032.
In commit 4a77126, we apply an upstream mitigation to resolve CVE-2018-25032.