Bug#1051787: Subject: CVE-2023-4863: Heap buffer overflow in WebP

Tue, 12 Sep 2023 08:15:17 -0700 

Package: chromium
Version: 116.0.5845.180-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Dear Maintainer,

116.0.5845.187 fixes a critical remote vulnerability in chrome

[$NA][1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP.
Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen
Lab at The University of Torontoʼs Munk School on 2023-09-06

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

Might want to look into this at least

(attempt 3, my reportbug broke sorry)

Jeff Cliff

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-debug'), (500,
'oldstable-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-gnulibre (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8),
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled


Versions of packages chromium depends on:
pn  chromium-common        <none>
ii  libasound2             1.2.9-2
ii  libatk-bridge2.0-0     2.49.91-2
ii  libatk1.0-0            2.49.91-2
ii  libatomic1             13.2.0-3
ii  libatspi2.0-0          2.49.91-2
ii  libbrotli1             1.0.9-2+b6
ii  libc6                  2.37-7
ii  libcairo2              1.17.8-3
ii  libcups2               2.4.2-5
ii  libdbus-1-3            1.14.10-1devuan1
ii  libdouble-conversion3  3.3.0-1
ii  libdrm2                2.4.115-1
ii  libevent-2.1-7         2.1.12-stable-8
ii  libexpat1              2.5.0-2
ii  libflac12              1.4.3+ds-2
ii  libfontconfig1         2.14.2-5
ii  libfreetype6           2.13.2+dfsg-1
ii  libgbm1                23.1.7-1
ii  libgcc-s1              13.2.0-3
ii  libglib2.0-0           2.77.3-1
ii  libgtk-3-0             3.24.38-4
ii  libjpeg62-turbo        1:2.1.5-2
ii  libjsoncpp25           1.9.5-6
ii  liblcms2-2             2.14-2
ii  libminizip1            1:1.2.13.dfsg-3
ii  libnspr4               2:4.35-1.1
ii  libnss3                2:3.92-1
pn  libopenh264-7          <none>
ii  libopenjp2-7           2.5.0-2
ii  libopus0               1.4-1
ii  libpango-1.0-0         1.51.0+ds-2
ii  libpng16-16            1.6.40-1
ii  libpulse0              16.1+dfsg1-2+b1
ii  libsnappy1v5           1.1.10-1
ii  libstdc++6             13.2.0-3
ii  libwebp7               1.2.4-0.2
ii  libwebpdemux2          1.2.4-0.2
ii  libwebpmux3            1.2.4-0.2
ii  libwoff1               1.0.2-2
ii  libx11-6               2:1.8.6-1
ii  libxcb1                1.15-1
ii  libxcomposite1         1:0.4.5-1
ii  libxdamage1            1:1.1.6-1
ii  libxext6               2:1.3.4-1+b1
ii  libxfixes3             1:6.0.0-2
ii  libxkbcommon0          1.5.0-1
ii  libxml2                2.9.14+dfsg-1.3
ii  libxnvctrl0            525.125.06-1
ii  libxrandr2             2:1.5.2-2+b1
ii  libxslt1.1             1.1.35-1
ii  zlib1g                 1:1.2.13.dfsg-3

Versions of packages chromium recommends:
pn  chromium-sandbox  <none>

Versions of packages chromium suggests:
pn  chromium-driver  <none>
pn  chromium-l10n    <none>
pn  chromium-shell   <none>

Reply via email to