Source: libwebp Version: 1.2.4-0.3 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi While the security fix in bookworm correctly included as well https://chromium.googlesource.com/webm/libwebp.git/+/95ea5226c870449522240ccff26f0b006037c520%5E%21/#F0 this is missing in the 1.2.4-0.3 upload and as well in the 1.3.2-0.2 version currently in unstable. While one might strictly arguing only the first commit is needed from https://security-tracker.debian.org/tracker/CVE-2023-4863 as we have not enough ifnormation from the issue, the second one should have been as well included. Regards, Salvatore
