Your message dated Fri, 19 May 2023 14:23:29 +0000
with message-id <e1q010z-008pzs...@fasolo.debian.org>
and subject line Bug#1035371: fixed in libwebp 1.2.4-0.2
has caused the Debian Bug report #1035371,
regarding libwebp: CVE-2023-1999
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1035371: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035371
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libwebp
Version: 1.2.4-0.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for libwebp.

There is unfortunately no public reference accessible, [1] has no
details, [2] is restricted. It might be related to [3] and [4].

CVE-2023-1999[0]:
| Double-free in libwebp

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-1999
    https://www.cve.org/CVERecord?id=CVE-2023-1999
[1] https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-1999
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1819244
[3] https://bugs.chromium.org/p/webp/issues/detail?id=603
[4] https://chromium.googlesource.com/webm/libwebp/+/a486d800b60d0af4cc0836bf7ed8f21e12974129

Can you find more on the issue?

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libwebp
Source-Version: 1.2.4-0.2
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libwebp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1035...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libwebp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 May 2023 14:50:58 +0200
Source: libwebp
Architecture: source
Version: 1.2.4-0.2
Distribution: unstable
Urgency: high
Maintainer: Jeff Breidenbach <j...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1035371
Changes:
 libwebp (1.2.4-0.2) unstable; urgency=high
 .
   * Non-maintainer upload.
   * EncodeAlphaInternal: clear result->bw on error (CVE-2023-1999)
     (Closes: #1035371)


--- End Message ---
