Update to zlib 1.3 + CVE fix in more...

[Neustradamus]

Dear @smihica,

Can you update the code?

There is a zlib 1.3 and a CVE fix in more (you can use current git devel branch):

• https://github.com/advisories/GHSA-mq29-j5xf-cjwr
• https://github.com/madler/zlib/issues/868
• https://github.com/madler/zlib/pull/843
• https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c

Note that there are other CVE fixes in previous builds too.

Example:

• @agabarre97: https://github.com/smihica/pyminizip/issues/42
• @okuuva: https://github.com/smihica/pyminizip/pull/43
• @SCH227: https://github.com/smihica/pyminizip/issues/51

Thanks in advance.

[JudahSchwartz]

@smihica any update here?

[Neustradamus]

Zlib 1.3.1 has been released (2024-01-22) with 2 CVE fixes for Minizip:

• https://github.com/madler/zlib/releases/tag/v1.3.1
• https://zlib.net/

[asaf400]

From what I've seen, Debian 12 still hasn't created a new deb release with the fixes just for anyone who's looking for a fix with bookworm at this time: https://security-tracker.debian.org/tracker/CVE-2023-45853