Hi,
There is a CVE [1] for zlib < 1.2.12 (released march 27th).
GCC currently uses zlib 1.2.11, and binutils-gdb imports the zlib
directory from GCC. The recommendation is to get it updated to 1.2.12,
which contains the proper fix [2].
It might not affect gcc/binutils/gdb since the code doesn't seem to be
using the problematic option Z_FIXED, but it seems like a good idea to
consider bumping the version of zlib we use.
[1] https://nvd.nist.gov/vuln/detail/CVE-2018-25032
[2]
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
