#17918 closed enhancement (fixed)
libwebp double-free
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
In firefox-112.0 and 102.10.0 mozilla cherry-picked a fix for libwebp. The release notes say this could lead to memory corruption and a potentially exploitable crash, so mozilla rate the severity as High.
Reference MFSA-TMP-2023-0001, no release from libwebp at the moment (webp bug 603). https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/
Unlike the mozilla binaries, BLFS uses system libwebp. I have a patch.
Change History (4)
comment:1 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | assigned → new |
comment:2 by , 2 years ago
Book pushed in b2dcbff6a01aaa19073985b8a3908d7693db8a48 11.3-313 (maybe 11.3-312)
Note to self: read the prompts *carefully* when using 'git pull --no-ff' with more than one local commit.
Note:
See TracTickets
for help on using tickets.
typo when assigning