Upgrade zlib to 1.2.13 #967

ulfllorenz · 2022-10-25T15:15:22Z

I noticed that PyTables 3.7.0 ships a zlib.dll Version 1.2.11 under Windows. Given that 1.2.12 and 1.2.13 have fixed some seemingly severe CVEs, it seems as if an upgrade of zlib might be a good idea.

Note that I have not dug into the code, I just came across this issue more or less by accident and thought I'd contribute a little. The buffer overflows may not affect PyTables at all, in which case you may safely disregard this issue.

avalentino · 2022-10-25T15:36:52Z

Dear @ulfllorenz, thanks for reporting.
It seems a good idea indeed.

* hdf5 v1.14.1 * lz4 v1.9.4 * zlib v1.2.13

avalentino added this to the 3.7.1 milestone Oct 25, 2022

matham added a commit to matham/PyTables that referenced this issue Dec 20, 2022

Bump zlib to 1.2.13. Fixes PyTables#967.

4e640b8

avalentino modified the milestones: 3.8.0, 3.8.1 Dec 28, 2022

avalentino added a commit to avalentino/PyTables that referenced this issue May 20, 2023

Bump version of external libraries (closes PyTables#967)

e406f5d

* hdf5 v1.14.1 * lz4 v1.9.4 * zlib v1.2.13

avalentino added a commit to avalentino/PyTables that referenced this issue May 20, 2023

Bump version of external libraries (closes PyTables#967)

be97069

* hdf5 v1.14.1 * lz4 v1.9.4 * zlib v1.2.13

avalentino mentioned this issue May 20, 2023

Update external libraries #1018

Merged

avalentino self-assigned this May 20, 2023

avalentino added enhancement setup labels May 20, 2023

avalentino closed this as completed in #1018 May 20, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade zlib to 1.2.13 #967

Upgrade zlib to 1.2.13 #967

ulfllorenz commented Oct 25, 2022

avalentino commented Oct 25, 2022

Upgrade zlib to 1.2.13 #967

Upgrade zlib to 1.2.13 #967

Comments

ulfllorenz commented Oct 25, 2022

avalentino commented Oct 25, 2022