Yes, there is a plan to update zlib in next couple of months.
As mentioned earlier in the thread , the above CVE is not affecting the existing zlib in AIX Toolbox as we are not shipping minizip tool.
------------------------------
Ayappan P
------------------------------
Original Message:
Sent: Thu October 30, 2025 07:25 AM
From: Christophe Gehin
Subject: New version of zlib
Hi Ranjit
My security team is still asking me to get and install a new version of zlid. For them, the available version is obsolete.
Is it planned by any chance to update zlid to a newer release ?
Best regards
------------------------------
Christophe Gehin
Original Message:
Sent: Wed August 06, 2025 05:11 AM
From: Ranjit Ranjan
Subject: New version of zlib
Hi
I went through the CVE-2023-45853 details and source code where fix is applied.
This CVE is for minizip tool which we are not compiling and shipping as part of Zlib package , so Zlib update is not urgent if only this CVE is concerned.
You can inform these details to your security team.
Thanks
Ranjit
------------------------------
Ranjit Ranjan
Original Message:
Sent: Tue August 05, 2025 09:49 AM
From: Christophe Gehin
Subject: New version of zlib
CVE-2023-45853
Regards
------------------------------
Christophe Gehin
Original Message:
Sent: Tue August 05, 2025 09:38 AM
From: Ranjit Ranjan
Subject: New version of zlib
Hi,
Let's us know the CVE reported by your security team about current zlib , so we will analyse and update.
Thanks
Ranjit
------------------------------
Ranjit Ranjan
Original Message:
Sent: Tue August 05, 2025 08:00 AM
From: Christophe Gehin
Subject: New version of zlib
Hello
My security team is complaining about zlib 1.12.3. As version 1.13.1 is available, they are telling me that 1.12.3 is obsolete.
So I'd like to know if you could make 1.13.1 available in aix toolbox ?
Best regards.
Tof
------------------------------
Christophe Gehin
------------------------------
#AIXOpenSource