Hi
I went through the CVE-2023-45853 details and source code where fix is applied.
This CVE is for minizip tool which we are not compiling and shipping as part of Zlib package , so Zlib update is not urgent if only this CVE is concerned.
You can inform these details to your security team.
Thanks
Ranjit
------------------------------
Ranjit Ranjan
------------------------------
Original Message:
Sent: Tue August 05, 2025 09:49 AM
From: Christophe Gehin
Subject: New version of zlib
CVE-2023-45853
Regards
------------------------------
Christophe Gehin
Original Message:
Sent: Tue August 05, 2025 09:38 AM
From: Ranjit Ranjan
Subject: New version of zlib
Hi,
Let's us know the CVE reported by your security team about current zlib , so we will analyse and update.
Thanks
Ranjit
------------------------------
Ranjit Ranjan
Original Message:
Sent: Tue August 05, 2025 08:00 AM
From: Christophe Gehin
Subject: New version of zlib
Hello
My security team is complaining about zlib 1.12.3. As version 1.13.1 is available, they are telling me that 1.12.3 is obsolete.
So I'd like to know if you could make 1.13.1 available in aix toolbox ?
Best regards.
Tof
------------------------------
Christophe Gehin
------------------------------