Your message dated Fri, 19 May 2023 14:23:29 +0000 with message-id <e1q010z-008pzs...@fasolo.debian.org> and subject line Bug#1035371: fixed in libwebp 1.2.4-0.2 has caused the Debian Bug report #1035371, regarding libwebp: CVE-2023-1999 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1035371: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035371 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libwebp Version: 1.2.4-0.1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for libwebp. There is unfortunately no public reference accessible, [1] has no details, [2] is restricted. it might be related to [3] and [4]. CVE-2023-1999[0]: | Double-free in libwebp If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-1999 https://www.cve.org/CVERecord?id=CVE-2023-1999 [1] https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-1999 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1819244 [3] https://bugs.chromium.org/p/webp/issues/detail?id=603 [4] https://chromium.googlesource.com/webm/libwebp/+/a486d800b60d0af4cc0836bf7ed8f21e12974129 Can you find more on the issue? Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libwebp Source-Version: 1.2.4-0.2 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of libwebp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1035...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated libwebp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 19 May 2023 14:50:58 +0200 Source: libwebp Architecture: source Version: 1.2.4-0.2 Distribution: unstable Urgency: high Maintainer: Jeff Breidenbach <j...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 1035371 Changes: libwebp (1.2.4-0.2) unstable; urgency=high . * Non-maintainer upload. * EncodeAlphaInternal: clear result->bw on error (CVE-2023-1999) (Closes: #1035371) Checksums-Sha1: 1a01da46413cc8d0972a49eebf78c7240bb8ac68 2531 libwebp_1.2.4-0.2.dsc 05f6e63641f7ad438b910e70a07d46bffb41ff17 8064 libwebp_1.2.4-0.2.debian.tar.xz Checksums-Sha256: a5138070f42170f20c6b6daabc56716c5f7c3973a904ac37978cfe19f3d7e1df 2531 libwebp_1.2.4-0.2.dsc e8bd944079de9d9e00fe210e28c987f60d96f8210f089fe4d56ef43f4570c933 8064 libwebp_1.2.4-0.2.debian.tar.xz Files: cd7d8c28e0e59e52d5709c06bbb0e7f6 2531 libs optional libwebp_1.2.4-0.2.dsc 5a33ccbdcd690d137c07f110efb0a236 8064 libs optional libwebp_1.2.4-0.2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmRncgVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EaDkP/1huNiCtVvzwTdi8qbZOFRBhf4mWMqhE OoRS6YMEVr4LfFX6HR08ym3WwSFhp2urWMZQKokgblKBgivH9JU5Ic8CmBlP9i9b dERKk8T2TYIisDgWXeA03LfAOlaKmgyBmfjQSWJLaA1xLOjZztGBq+tA2R8H7Cjt WtktOEeG/+VKbST7oAicxE5UzpSR6afutbn+dH/37/QX0xonBv0e3OQ1OZoCYBn6 6MiIRTOGq3zaCOe1J887MXvpY06ru1hcPGjqvlFQ6deeCN4XxdgVlKsff0JYKGj2 WCHlVR7IKZJR6JGEol7pcvhO+LMPoKSRDjWHZUjadOjKYUXpqbxE4Uj2easVhFb7 9mna2iQa9CPfKqDunvzlV6m7V9n4iuLkElsTg7VPVe7phDAOpBEhf4ycKpWbdTt1 JbaY9w0L7xukwPcyKNxl01rLRtyr2ssg0XvTEBeFb2G+6P0c36VYagBJ691Vs4X4 ASqc7GAJb2loiGClah/6AOMitoenuru6TpltS+OYhnPFwxfMz71YHXI2nzTF4LiD yhiWuCIw64MHFQk1v56dXt59HgcQ3X2h3qcwNQX+rQeLyaw1TE6WZ2TcBpdlzcQ6 0k6+xp1xgBcIWHlwYJd9S34sqTz1xtAY/GTHIUzfGxm02WUHkkxjA2CHuR/KOckA D7Zc3h3ilRWV =faJU -----END PGP SIGNATURE-----
--- End Message ---
