| From: D. Hugh Redelmeier via talk <talk@gtalug.org>
|
| It turns out that the bug is in libwebp. "WebP codec is a library to
| encode and decode images in WebP format."
|
| libwebp is used in a lot of programs. On my Fedora 38 system, it is a
| shared library so it can be fixed in one update. Except where the library
| is copied (for example, statically linked, or used in a container of some
| sort).
Still more reverberation: copies exist in several Python projects. This paper appears to report on rather hard work to discover problems with projects in PyPI:

<https://sethmlarson.dev/security-developer-in-residence-weekly-report-16>

Perhaps analogous work is needed in many repositories. Of course libwebp might not be the only dangerous library.
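The thread's point is that a system-wide update fixes the shared libwebp but not copies bundled into other packages. As an added illustration (not code from the list post or from the linked report), the script below walks a directory such as a Python site-packages tree and flags three cases by heuristic: a vendored copy of the library itself (a file named like libwebp*.so*, which is how wheel-repair tools ship it), an extension module that merely links against the system libwebp.so (covered by the distro update), and an ELF file that contains libwebp API symbol names such as WebPDecode without referencing libwebp.so (likely statically linked, so it needs its own rebuild). The file names, byte contents and classification labels are constructed for the example; the symbol names are real libwebp exports, but string matching is only a first-pass triage, not proof.

```python
import os
import re
import tempfile
from typing import Dict, Optional

ELF_MAGIC = b"\x7fELF"
# Matches libwebp.so.7, libwebp-1a2b3c.so.7 (auditwheel-style), libwebpdemux.so ...
BUNDLED_NAME = re.compile(r"^libwebp[^/]*\.so(\.\d+)*$")
# Real libwebp public symbols; their presence in an ELF that does not
# reference libwebp.so suggests a static or vendored build.
WEBP_SYMBOLS = (b"WebPDecode", b"WebPEncode", b"WebPGetDecoderVersion")


def classify(path: str) -> Optional[str]:
    """Return a coarse classification for one file, or None if irrelevant."""
    with open(path, "rb") as f:
        data = f.read()
    if not data.startswith(ELF_MAGIC):
        return None  # not a native object; nothing to bundle
    name = os.path.basename(path)
    if BUNDLED_NAME.match(name):
        return "bundled-copy"  # a private libwebp shipped inside the package
    if b"libwebp.so" in data:
        return "dynamic-link"  # DT_NEEDED on the system library; distro update applies
    if any(sym in data for sym in WEBP_SYMBOLS):
        return "static-or-vendored"  # libwebp code compiled in; needs its own rebuild
    return None


def scan_tree(root: str) -> Dict[str, str]:
    """Walk root and map relative paths to their classification."""
    findings: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            kind = classify(full)
            if kind is not None:
                findings[os.path.relpath(full, root)] = kind
    return findings


def build_sample_tree() -> str:
    """Create a constructed, minimal stand-in for a site-packages directory.

    The files are fake: only the ELF magic and a few marker strings are
    present, enough to exercise each branch of classify().
    """
    root = tempfile.mkdtemp(prefix="webp-scan-")
    samples = {
        # auditwheel-style vendored copy of the library itself
        "pkg_a.libs/libwebp-deadbeef.so.7": ELF_MAGIC + b"\x00libwebp.so.7\x00",
        # extension module dynamically linked to the system library
        "pkg_b/_imaging.cpython-311.so": ELF_MAGIC + b"\x00libwebp.so.7\x00",
        # extension module with libwebp compiled in statically
        "pkg_c/_codec.so": ELF_MAGIC + b"\x00WebPDecode\x00WebPEncode\x00",
        # pure-Python file that happens to mention the library
        "pkg_d/__init__.py": b"import webp  # mentions WebPDecode in a comment\n",
    }
    for rel, content in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(content)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for path, kind in sorted(scan_tree(root).items()):
        print(f"{kind:20s} {path}")
```

Run against a real tree with `scan_tree("/usr/lib64/python3.*/site-packages")`; anything reported as bundled-copy or static-or-vendored is a candidate that the system libwebp update did not touch and that needs to be checked against its upstream package's fixed version.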