This is an automated email from the ASF dual-hosted git repository.

mjumper pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/guacamole-website.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 007cde1d Deploy changes clarifying non-applicability of vulnerabilities related to WebP decoding.
007cde1d is described below

commit 007cde1d00b1171d0207106492156db9cf0a63e3
Author: Michael Jumper <[email protected]>
AuthorDate: Sat Sep 30 14:16:41 2023 -0700

    Deploy changes clarifying non-applicability of vulnerabilities related to WebP decoding.
---
 content/security/index.html | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/content/security/index.html b/content/security/index.html
index ddd25562..f13e1c61 100644
--- a/content/security/index.html
+++ b/content/security/index.html
@@ -421,7 +421,20 @@ mailing list of the <a 
href="https://www.apache.org/security/";>ASF Security Team
 the <a 
href="mailto:[email protected]";>[email protected]</a> 
mailing list, before disclosing or
 discussing the issue in a public forum.</p>
 
-<h2 id="not-affected-by-cve-2021-44228">Is Apache Guacamole affected by 
CVE-2021-44228?</h2>
+<h2 id="vulnerabilities-in-dependencies">Vulnerabilities in dependencies</h2>
+
+<h3 id="not-affected-by-cve-2023-5129">Is Apache Guacamole affected by 
CVE-2023-5129?</h3>
+
+<p>No. CVE-2023-5129 (aka CVE-2023-4863) deals specifically with decoding
+WebP images, not encoding.</p>
+
+<p>You would also receive updates to libwebp from your distribution as the
+library itself is not bundled within Guacamole. If using our Docker
+images, the images are automatically rebuilt nightly to bring in updates
+from the maintainer of the base image (Alpine Linux), and a pull of the
+latest would give you an updated image.</p>
+
+<h3 id="not-affected-by-cve-2021-44228">Is Apache Guacamole affected by 
CVE-2021-44228?</h3>
 
 <p>No, CVE-2021-44228 does not affect Apache Guacamole. Guacamole uses
 <a href="http://logback.qos.ch/";>Logback</a> as its logging backend, not 
Log4j.</p>
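
Review bot: the new CVE-2023-5129 answer says the CVE "deals specifically with decoding WebP images, not encoding" but never states how Guacamole itself uses libwebp, so the "No" rests on a premise the reader has to infer. Add a sentence saying explicitly that Guacamole only encodes WebP and does not decode it, in the same way the CVE-2021-44228 entry spells out its reason ("Guacamole uses Logback as its logging backend, not Log4j"). The second added paragraph opens with "You would also receive updates to libwebp", which reads as though an update is still required despite the "No"; consider rewording it as general information on how libwebp updates reach a deployment, since the library is not bundled and the Docker images only pick up fixes once the Alpine base image has them and the user pulls the latest image.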
