Sure Martin.
Regards,
Soumya
From: Martin Jansa
Sent: Thursday, November 2, 2023 12:35 PM
To: Sambu, Soumya
Cc: st...@sakoman.com ;
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][kirkstone 3/3] libwebp: Fix CVE-2023-4863
lf of Steve Sakoman via
> lists.openembedded.org
> *Sent:* Wednesday, November 1, 2023 7:21 PM
> *To:* Martin Jansa
> *Cc:* openembedded-core@lists.openembedded.org <
> openembedded-core@lists.openembedded.org>
> *Subject:* Re: [OE-core][kirkstone 3/3] libwebp: Fix CVE-
-core@lists.openembedded.org
Subject: Re: [OE-core][kirkstone 3/3] libwebp: Fix CVE-2023-4863
Thanks for reviewing Martin!
I'll drop this patch until there is further clarification on the need for it.
Steve
On Tue, Oct 31, 2023 at 1:39 PM Martin Jansa wrote:
>
> I'm surprised this one does apply in kirkstone as there is this security
> issue already fixed as 2023-5129 (see dunfell
I'm surprised this one does apply in kirkstone as there is this security
issue already fixed as 2023-5129 (see dunfell commit
https://git.openembedded.org/openembedded-core/commit/?h=dunfell&id=7dce529515baa843ba3e5c89b2ad605b9845c59b
and
a bit more details in
Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:
---
Testing patch
/home/patchtest/share/mboxes/kirkstone-3-3-libwebp-Fix-CVE-2023-4863.patch
FAIL: test CVE presence in commit message: A CVE tag should be
From: Soumya Sambu
Heap buffer overflow in WebP in Google Chrome prior to
116.0.5845.187 allowed a remote attacker to perform an
out of bounds memory write via a crafted HTML page.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863