Bug#1051786: CVE-2023-4863: Heap buffer overflow in WebP

2023-09-14 Thread Gianfranco Costamagna

control: tags -1 pending

Hello, since the package libwebp looks a little bit maintained via NMU and the 
package is on the salsa.d.o/debian namespace, I'll just do it and git push/git push 
--tags.

G.



Bug#1051786: CVE-2023-4863: Heap buffer overflow in WebP

2023-09-12 Thread Jeffrey Cliff
Subject: CVE-2023-4863: Heap buffer overflow in WebP
Package: chromium
Version: 116.0.5845.180-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team 



On Tue, Sep 12, 2023 at 9:07 AM Jeffrey Cliff  wrote:
>
> Dear Maintainer,
>
> 116.0.5845.187 fixes a critical remote vulnerability in chrome
>
> [$NA][1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP.
> Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen
> Lab at The University of Toronto's Munk School on 2023-09-06
>
> https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
>
> Might want to look into this at least
>
> Jeff Cliff
>
>
> -- System Information:
> Debian Release: trixie/sid
>   APT prefers unstable-debug
>   APT policy: (500, 'unstable-debug'), (500, 'stable-debug'), (500,
> 'oldstable-debug')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 6.5.0-gnulibre (SMP w/2 CPU threads; PREEMPT)
> Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_CA:en
> Shell: /bin/sh linked to /usr/bin/dash
> Init: sysvinit (via /sbin/init)
> LSM: AppArmor: enabled
>
>
> Versions of packages chromium depends on:
> pn  chromium-common
> ii  libasound2             1.2.9-2
> ii  libatk-bridge2.0-0     2.49.91-2
> ii  libatk1.0-0            2.49.91-2
> ii  libatomic1             13.2.0-3
> ii  libatspi2.0-0          2.49.91-2
> ii  libbrotli1             1.0.9-2+b6
> ii  libc6                  2.37-7
> ii  libcairo2              1.17.8-3
> ii  libcups2               2.4.2-5
> ii  libdbus-1-3            1.14.10-1devuan1
> ii  libdouble-conversion3  3.3.0-1
> ii  libdrm2                2.4.115-1
> ii  libevent-2.1-7         2.1.12-stable-8
> ii  libexpat1              2.5.0-2
> ii  libflac12              1.4.3+ds-2
> ii  libfontconfig1         2.14.2-5
> ii  libfreetype6           2.13.2+dfsg-1
> ii  libgbm1                23.1.7-1
> ii  libgcc-s1              13.2.0-3
> ii  libglib2.0-0           2.77.3-1
> ii  libgtk-3-0             3.24.38-4
> ii  libjpeg62-turbo        1:2.1.5-2
> ii  libjsoncpp25           1.9.5-6
> ii  liblcms2-2             2.14-2
> ii  libminizip1            1:1.2.13.dfsg-3
> ii  libnspr4               2:4.35-1.1
> ii  libnss3                2:3.92-1
> pn  libopenh264-7
> ii  libopenjp2-7           2.5.0-2
> ii  libopus0               1.4-1
> ii  libpango-1.0-0         1.51.0+ds-2
> ii  libpng16-16            1.6.40-1
> ii  libpulse0              16.1+dfsg1-2+b1
> ii  libsnappy1v5           1.1.10-1
> ii  libstdc++6             13.2.0-3
> ii  libwebp7               1.2.4-0.2
> ii  libwebpdemux2          1.2.4-0.2
> ii  libwebpmux3            1.2.4-0.2
> ii  libwoff1               1.0.2-2
> ii  libx11-6               2:1.8.6-1
> ii  libxcb1                1.15-1
> ii  libxcomposite1         1:0.4.5-1
> ii  libxdamage1            1:1.1.6-1
> ii  libxext6               2:1.3.4-1+b1
> ii  libxfixes3             1:6.0.0-2
> ii  libxkbcommon0          1.5.0-1
> ii  libxml2                2.9.14+dfsg-1.3
> ii  libxnvctrl0            525.125.06-1
> ii  libxrandr2             2:1.5.2-2+b1
> ii  libxslt1.1             1.1.35-1
> ii  zlib1g                 1:1.2.13.dfsg-3
>
> Versions of packages chromium recommends:
> pn  chromium-sandbox  
>
> Versions of packages chromium suggests:
> pn  chromium-driver  
> pn  chromium-l10n
> pn  chromium-shell   



-- 

End the campaign to Cancel Richard Stallman - go to stallmansupport.org !
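Added triage helper, not part of the bug thread: it reproduces the `dpkg --compare-versions` ordering in Python and runs it over the chromium version and the libwebp rows from the report above, so that a defender can tell which installed packages still sort below the version carrying the fix. The Debian revision on the chromium fix (`-1`) and the libwebp fixed version (a placeholder) are assumptions, not values from the report.

```python
import re

def _order(c):
    # dpkg's character weight: '~' sorts before anything, even the end of the
    # string; letters sort before other characters.
    return -1 if c == "~" else (ord(c) if c.isalpha() else ord(c) + 256)

def _part_key(s):
    # Split into alternating non-digit / digit runs. Non-digit runs become
    # per-character weights terminated by 0 (so "1.0~rc1" < "1.0"); digit
    # runs compare as integers, which also drops leading zeros as dpkg does.
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"(\D*)(\d*)", s)]

def version_key(v):
    """Sort key reproducing `dpkg --compare-versions` for [epoch:]upstream[-revision]."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), _part_key(upstream), _part_key(revision)

def is_older(installed, fixed):
    """True when `installed` sorts strictly below `fixed` (i.e. still unpatched)."""
    return version_key(installed) < version_key(fixed)

# Constructed sample: the chromium version and the libwebp rows from the report
# above, with the column spacing restored ('ii' = installed, 'pn' = not installed).
REPORT = """Version: 116.0.5845.180-1
ii  libwebp7       1.2.4-0.2
ii  libwebpdemux2  1.2.4-0.2
ii  libwebpmux3    1.2.4-0.2
pn  libopenh264-7"""

# Versions that carry the fix. chromium's follows from the report (upstream
# 116.0.5845.187; Debian revision -1 is assumed). The libwebp value is a
# PLACEHOLDER: take the real one from the DSA / security tracker.
FIXED = {"chromium": "116.0.5845.187-1", "libwebp7": "1.2.4-0.2+PLACEHOLDER",
         "libwebpdemux2": "1.2.4-0.2+PLACEHOLDER", "libwebpmux3": "1.2.4-0.2+PLACEHOLDER"}

def needs_update(report, fixed=FIXED):
    """Packages from the report whose installed version is below the fixed one."""
    inst = dict(re.findall(r"^ii\s+(\S+)\s+(\S+)\s*$", report, re.M))
    m = re.search(r"^Version:\s*(\S+)", report, re.M)
    if m:
        inst["chromium"] = m.group(1)
    return sorted(p for p, v in fixed.items() if p in inst and is_older(inst[p], v))
```

Packages listed as `pn` carry no version in reportbug output and are skipped, since nothing installed can be compared.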