[Touch-packages] [Bug 1919977] Re: heap-buffer-overflow in old libwebp
[Expired for libwebp (Ubuntu) because there has been no activity for 60 days.] ** Changed in: libwebp (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libwebp in Ubuntu. https://bugs.launchpad.net/bugs/1919977 Title: heap-buffer-overflow in old libwebp Status in libwebp package in Ubuntu: Expired Bug description: I found an overflow error when testing the security of ImageMagick on ubuntu20.02. The error exists in the libwebp library, and the old version is used in the system source. When ImageMagick calls the libwebp library to parse the webp file, an overflow occurs. system info: Distributor ID: Ubuntu Description: Ubuntu 20.04.2 LTS Release: 20.04 Codename: focal Edith by issues:https://github.com/ImageMagick/ImageMagick/issues/3403 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libwebp/+bug/1919977/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1919977] Re: heap-buffer-overflow in old libwebp
There was an update to libwebp that fixed a bunch of security issues: https://ubuntu.com/security/notices/USN-4971-1 Could you test again to see if the issue is resolved? Thanks! ** Changed in: libwebp (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libwebp in Ubuntu. https://bugs.launchpad.net/bugs/1919977 Title: heap-buffer-overflow in old libwebp Status in libwebp package in Ubuntu: Incomplete Bug description: I found an overflow error when testing the security of ImageMagick on ubuntu20.02. The error exists in the libwebp library, and the old version is used in the system source. When ImageMagick calls the libwebp library to parse the webp file, an overflow occurs. system info: Distributor ID: Ubuntu Description: Ubuntu 20.04.2 LTS Release: 20.04 Codename: focal Edith by issues:https://github.com/ImageMagick/ImageMagick/issues/3403 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libwebp/+bug/1919977/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1919977] Re: heap-buffer-overflow in old libwebp
Thank you for reporting this issue. Have you reported this to the upstream libwebp developers? If not, we encourage you to report it (you can do so here: https://bugs.chromium.org/p/webp/issues/list) and keep us in the loop if possible. Thank you ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libwebp in Ubuntu. https://bugs.launchpad.net/bugs/1919977 Title: heap-buffer-overflow in old libwebp Status in libwebp package in Ubuntu: New Bug description: I found an overflow error when testing the security of ImageMagick on ubuntu20.02. The error exists in the libwebp library, and the old version is used in the system source. When ImageMagick calls the libwebp library to parse the webp file, an overflow occurs. system info: Distributor ID: Ubuntu Description: Ubuntu 20.04.2 LTS Release: 20.04 Codename: focal Edith by issues:https://github.com/ImageMagick/ImageMagick/issues/3403 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libwebp/+bug/1919977/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp