Notice that it references different CVE id: https://nvd.nist.gov/vuln/detail/CVE-2023-5129 which was marked as a rejected duplicate of: https://nvd.nist.gov/vuln/detail/CVE-2023-4863 but it's the same issue. Hence update CVE ID CVE-2023-4863 to CVE-2023-5129.patch.
Signed-off-by: Pawan <badganch...@gmail.com> --- meta/recipes-multimedia/webp/files/CVE-2023-5129.patch | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch index 356806ad87..ead3dee474 100644 --- a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch +++ b/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch @@ -12,9 +12,16 @@ codes) streams are still decodable. Bug: chromium:1479274 Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741 -CVE: CVE-2023-5129 +Notice that it references different CVE id: +https://nvd.nist.gov/vuln/detail/CVE-2023-5129 +which was marked as a rejected duplicate of: +https://nvd.nist.gov/vuln/detail/CVE-2023-4863 +but it's the same issue. Hence update CVE ID CVE-2023-4863 + +CVE: CVE-2023-5129 CVE-2023-4863 Upstream-Status: Backport [https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a] Signed-off-by: Colin McAllister <colinmca...@gmail.com> +Signed-off-by: Pawan Badganchi <pawan.badgan...@kpit.com> --- src/dec/vp8l_dec.c | 46 ++++++++++--------- src/dec/vp8li_dec.h | 2 +- -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189273): https://lists.openembedded.org/g/openembedded-core/message/189273 Mute This Topic: https://lists.openembedded.org/mt/101991932/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
