NotificationsYou must be signed in to change notification settings
Fork33.7k
Star70.4k

Update binary builds to use zlib 1.2.13 #98689

Closed

Update binary builds to use zlib 1.2.13#98689

Labels

3.10only security fixes3.11only security fixes3.12only security fixesOS-windowsrelease-blockertype-bugAn unexpected behavior, bug, or errortype-securityA security issue

Description

gpshead

opened

on Oct 26, 2022

A new version of zlib is out: 1.2.13 -https://zlib.net/

zlib 1.2.12 hasCVE-2022-37434:
https://www.openwall.com/lists/oss-security/2022/08/09/1

but... we do not appear to call the vulnerableinflateGetHeader API. So this is more of a thing we just need to do before the next round of binary builds rather than an urgent new windows binary release update as 1.2.12 was.

$ grep -i -c inflateGetHeader Modules/zlibmodule.c 0

Maybe this doesn't deserve the type-security label, but so long as our binary builds link with 1.2.12 people will ask us about that CVE.

PR:gh-98689: Update Windows builds to zlib v1.2.13 #98968

PR:[3.11] gh-98689: Update Windows builds to zlib v1.2.13 (GH-98968) #98971

PR:[3.10] gh-98689: Update Windows builds to zlib v1.2.13 (GH-98968) #98972

Metadata

Assignees

No one assigned

Labels

3.10only security fixes3.11only security fixes3.12only security fixesOS-windowsrelease-blockertype-bugAn unexpected behavior, bug, or errortype-securityA security issue

Projects

Release and Deferred blockers 🚫

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Update binary builds to use zlib 1.2.13 #98689

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions