but... we do not appear to call the vulnerable inflateGetHeader API. So this is more of a thing we just need to do before the next round of binary builds rather than an urgent new Windows binary release update as 1.2.12 was.
$ grep -i -c inflateGetHeader Modules/zlibmodule.c
0
Maybe this doesn't deserve the type-security label, but so long as our binary builds link with 1.2.12 people will ask us about that CVE.