On Tue, May 27, 2025 at 10:52:40PM +0200, Salvatore Bonaccorso wrote:
> Source: libvpx
> Version: 1.12.0-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
> <t...@security.debian.org>
> Control: found -1 1.15.0-2
>
> Hi
>
> The recent MFSA's for firefox mention the following issue as critical:
>
> | A double-free could have occurred in vpx_codec_enc_init_multi after a
> | failed allocation when initializing the encoder for WebRTC. This could
> | have caused memory corruption and a potentially exploitable crash.
>
> Cf. https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/
>
> Fix is at:
> https://chromium.googlesource.com/webm/libvpx/+/1c758781c428c0e895645b95b8ff1512b6bdcecb

MR (for unstable) is at
https://salsa.debian.org/multimedia-team/libvpx/-/merge_requests/5

Regards,
Salvatore