PyPi: Gvsbuild

CVE-2023-45853

Transitive

Safety vulnerability ID: 63111

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 14, 2023 Updated at Nov 06, 2024

Advisory

Gvsbuild 2023.12.0 includes a patch for CVE-2023-45853 in its zlib dependency.
https://github.com/wingtk/gvsbuild/pull/1187/commits/6214fc55ecfbb234b691df66b95f511400fc919b

Affected package

gvsbuild

Latest version: 2024.11.1

GTK stack for Windows

Affected versions

Fixed versions

Vulnerability changelog

Changes

- zlib: add patch for CVE 2023-45853 nacho (1187)
- build(deps): bump github/codeql-action from 3.22.11 to 3.22.12 (1186)
- build(deps): bump actions/download-artifact from 4.0.0 to 4.1.0 (1182)
- build(deps): bump actions/download-artifact from 3.0.2 to 4.0.0 (1177)
- build(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (1178)
- Update libadwaita to version 1.4.2 danyeaw (1180)
- build(deps): bump lastversion from 3.4.3 to 3.4.5 (1181)
- Update CMake, libxml2, and librsvg danyeaw (1179)
- build(deps): bump github/codeql-action from 2.22.10 to 3.22.11 (1176)
- Revert "Update protobuf-c to version 1.5.0" AlessandroBono (1173)
- build(deps): bump github/codeql-action from 2.22.9 to 2.22.10 (1172)
- OpenSSL: Build FIPS provider AlessandroBono (1162)
- build(deps): bump lastversion from 3.4.2 to 3.4.3 (1171)
- build(deps): bump lastversion from 3.4.1 to 3.4.2 (1170)
- Weekly Dependency Update 2023-12-09 danyeaw (1160)
- build(deps): bump github/codeql-action from 2.22.8 to 2.22.9 (1169)
- build(deps): bump lastversion from 3.4.0 to 3.4.1 (1168)
- gst-plugins-bad: Fix patch AlessandroBono (1167)
- build(deps): bump actions/setup-python from 4.8.0 to 5.0.0 (1166)
- ffmpeg: Generate and install pdb files when in debug or debug-optimized configuration AlessandroBono (1165)
- gst-plugins-bad: Apply upstream patch AlessandroBono (1164)
- build(deps): bump actions/setup-python from 4.7.1 to 4.8.0 (1163)
- gst-plugins-good: add audio-level-meta to cutter ignazp (1159)
- build(deps): bump lastversion from 3.3.2 to 3.4.0 (1161)
- build(deps): bump pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11 (1156)
- build(deps): bump actions/dependency-review-action from 3.1.3 to 3.1.4 (1157)
- openssl: Don't generate documentation AlessandroBono (1155)
- build(deps-dev): bump tox from 4.11.3 to 4.11.4 (1154)
- Update SQLite, libxml2, and OpenSSL danyeaw (1153)
- build(deps): bump github/codeql-action from 2.22.7 to 2.22.8 (1152)
- Update SQLite and pkgconf danyeaw (1151)
- Update Meson to version 1.3.0 danyeaw (1150)
- Add docs to use with Visual Studio (and link to gtk4-rs book for Rust) mitchhentges (1149)
- Update GTK to version 4.12.4 danyeaw (1147)
- openssl: Minor changes AlessandroBono (1148)
- openssl: fixups in the pc files nacho (1146)
- build(deps): bump github/codeql-action from 2.22.6 to 2.22.7 (1145)
- build(deps): bump step-security/harden-runner from 2.6.0 to 2.6.1 (1144)
- GStreamer, libxml2, cargo, CMake, and libfido2 updates danyeaw (1143)
- fido2: build shared libraries nacho (1141)
- openssl: Update pkg-conf files AlessandroBono (1142)
- build(deps): bump github/codeql-action from 2.22.5 to 2.22.6 (1140)
- Update pre-commit hooks danyeaw (1139)
- build(deps): bump actions/dependency-review-action from 3.1.2 to 3.1.3 (1137)
- FFmpeg 6.1 and Harfbuzz 8.3.0 danyeaw (1136)
- Remove extra bin in prefix for pkgconfig files danyeaw (1134)
- Explicitly add `msys2` as path dependency of `libadwaita` mitchhentges (1135)

Thanks again to AlessandroBono, danyeaw, ignazp, mitchhentges, and nacho! 🎉


Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

- Base Score: CRITICAL 9.8
- Attack Vector (AV): NETWORK
- Attack Complexity (AC): LOW
- Privileges Required (PR): NONE
- User Interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality Impact (C): HIGH
- Integrity Impact (I): HIGH
- Availability Impact (A): HIGH