jmcnamara / libxlsxwriter

A C library for creating Excel XLSX files.
https://libxlsxwriter.github.io

From zlib: Reject overflows of zip header fields in minizip. #427

Closed by jayaddison 8 months ago

jayaddison commented 8 months ago

With the minizip code in the codebase updated by #420, it's fairly straightforward to cherry-pick a fixup for CVE-2023-45853.

If-and-when a release of zlib v1.3.1 (that contains minizip in the contrib directory) appears, it could be worthwhile to update to that; since that hasn't appeared yet, I think it may make sense to apply this here directly.

jmcnamara commented 8 months ago

Merged. Thanks.