Bug report

Bug description:

A new version of zlib is out: 1.3 - https://zlib.net/

zlib 1.2.13 has CVE-2023-45853
https://www.openwall.com/lists/oss-security/2023/10/20/9

minizip is part of the contrib directory in zlib, but we do not appear to use this API. The CVSS v3 score is 9.8.

We would rather patch Python to use the latest library because people will ask us about that CVE.

CPython versions tested on:

3.11, 3.12, 3.13

Operating systems tested on:

Linux, Windows

Linked PRs

• gh-111239: Update Windows builds to zlib 1.3 #111242
• gh-111239: Update Windows build to use zlib 1.3.1 #114877
• [3.12] gh-111239: Update Windows build to use zlib 1.3.1 (GH-114877) #115076
• [3.10] gh-111239: Update Windows build to use zlib 1.3.1 (GH-114877) #115079
• [3.11] gh-111239: Update Windows build to use zlib 1.3.1 (GH-114877) #115080
• [3.8] gh-111239: Update Windows build to use zlib 1.3.1 (GH-114877) #115086
• [3.9] gh-111239: Update Windows build to use zlib 1.3.1 (GH-114877) #115087