update zlib to 1.2.11

These are the changes updating zlib from 1.2.8 to 1.2.10. It is only used when building without a system zlib.

The new release includes fixes for security issues CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843.

Note: Only Windows and macOS are affected by this issue. Linux packages use the system zlib.

  • Disclosure date: 2017-01-05 (Python issue bpo-29169 reported)
  • Reported at: 2017-01-02 (zlib 1.2.10 released)

Fixed In

Python issue

update zlib to 1.2.11.

  • Python issue: bpo-29169
  • Creation date: 2017-01-05
  • Reporter: Matthias Klose

Timeline

Timeline using the disclosure date 2017-01-05 as reference:

  • 2017-01-02 (-3 days): Reported (zlib 1.2.10 released)
  • 2017-01-05: Python issue bpo-29169 reported by Matthias Klose
  • 2017-01-31 (+26 days): commit 34e7e2e
  • 2017-01-31 (+26 days): commit 80b24a9
  • 2017-03-21 (+75 days): Python 3.6.1 released
  • 2017-08-08 (+215 days): Python 3.5.4 released
  • 2017-08-16 (+223 days): commit d0e61bd
  • 2017-09-17 (+255 days): Python 2.7.14 released
  • 2018-02-04 (+395 days): Python 3.4.8 released
  • 2018-06-28: Python 3.7.0 released