Bug#1051787: Subject: CVE-2023-4863: Heap buffer overflow in WebP

2023-09-12 Thread Andres Salomon
reassign 1051787 libwebp
thanks

Actually I'm mistaken, we're building against the system libwebp so there's no need to update chromium at all for this CVE. The webp fix is the only (linux) change that chromium made between .180 and .187.

On Tue, Sep 12 2023 at 11:34:26 AM -04:00:00,

Bug#1051787: Subject: CVE-2023-4863: Heap buffer overflow in WebP

2023-09-12 Thread Andres Salomon
clone 1051787 -1
reassign -1 libwebp
thanks

This bug's actually in libwebp. Unfortunately we're still embedding it in chromium, so we likely need to fix both chromium *and* libwebp in debian. There hasn't been a libwebp release yet, but the two relevant git commits are

Bug#1051787: Subject: CVE-2023-4863: Heap buffer overflow in WebP

2023-09-12 Thread Jeffrey Cliff
Package: chromium
Version: 116.0.5845.180-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team

Dear Maintainer,

116.0.5845.187 fixes a critical remote vulnerability in chrome

[$NA][1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP.