Your message dated Sun, 28 May 2023 18:02:26 +0000
with message-id <e1q3kio-001o4i...@fasolo.debian.org>
and subject line Bug#1035371: fixed in libwebp 0.6.1-2.1+deb11u1
has caused the Debian Bug report #1035371,
regarding libwebp: CVE-2023-1999
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1035371: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035371
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libwebp
Version: 1.2.4-0.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for libwebp.
There is unfortunately no public reference accessible, [1] has no
details, [2] is restricted. it might be related to [3] and [4].
CVE-2023-1999[0]:
| Double-free in libwebp
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-1999
https://www.cve.org/CVERecord?id=CVE-2023-1999
[1] https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-1999
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1819244
[3] https://bugs.chromium.org/p/webp/issues/detail?id=603
[4]
https://chromium.googlesource.com/webm/libwebp/+/a486d800b60d0af4cc0836bf7ed8f21e12974129
Can you find more on the issue?
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libwebp
Source-Version: 0.6.1-2.1+deb11u1
Done: Moritz Mühlenhoff <j...@debian.org>
We believe that the bug you reported is fixed in the latest version of
libwebp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1035...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <j...@debian.org> (supplier of updated libwebp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 19 May 2023 00:18:08 +0200
Source: libwebp
Architecture: source
Version: 0.6.1-2.1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Jeff Breidenbach <j...@debian.org>
Changed-By: Moritz Mühlenhoff <j...@debian.org>
Closes: 1035371
Changes:
libwebp (0.6.1-2.1+deb11u1) bullseye-security; urgency=medium
.
* CVE-2023-1999 (Closes: #1035371)
Checksums-Sha1:
c1e4c6578c98e4eda9684e52c4198ca02282850d 2086 libwebp_0.6.1-2.1+deb11u1.dsc
a906ee1ba8a5da0f9c6d3f1fd17af1ed183e774f 3554290 libwebp_0.6.1.orig.tar.gz
db2c6890a936803528945e30415e9af5857ffec9 14032
libwebp_0.6.1-2.1+deb11u1.debian.tar.xz
e91aebb84899176060a63551d07187cb0e7d4c70 10990
libwebp_0.6.1-2.1+deb11u1_amd64.buildinfo
Checksums-Sha256:
be17e41375907dec4a6b059edb6d019faa5f750573f1f8dba7e00b6f3c2d8974 2086
libwebp_0.6.1-2.1+deb11u1.dsc
a86045e3ec24704bddbaa369ca30980d6bf4f2625f4cdca03715e91f9c08bbb4 3554290
libwebp_0.6.1.orig.tar.gz
07284af84e47c6656a6904eb88ca725ffdd984397ea3636cf83641db93353701 14032
libwebp_0.6.1-2.1+deb11u1.debian.tar.xz
64d48dc43e48c36ed686dc328d157e37bb64b579ec9150d95b6b7399408b3a4e 10990
libwebp_0.6.1-2.1+deb11u1_amd64.buildinfo
Files:
ddf41b229e59d36a4b724e31dfcaa15d 2086 libs optional
libwebp_0.6.1-2.1+deb11u1.dsc
1c3099cd2656d0d80d3550ee29fc0f28 3554290 libs optional
libwebp_0.6.1.orig.tar.gz
7000678655e8bf0d014743912e71c2cd 14032 libs optional
libwebp_0.6.1-2.1+deb11u1.debian.tar.xz
88e872de68e1aa12407cf3dde2b1fb26 10990 libs optional
libwebp_0.6.1-2.1+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmRnV/8ACgkQEMKTtsN8
TjbBhhAAn8wUF/9wtwF9s7qEHESLg0NMn4/wQYZJiwTlb5X7C3iTKArlh/f7Lvk/
jH9PcHN+IWzrpa5FQJ1dBnJvEi5e9pEcNg5dG7dLuVpbCPR+GI6lTwfd8t4SrlqI
qMWn+zHI82xVs5aUWFg+cJPjR2lCJqr2IAVsaQtxcAQxTYQ1x+q2a+ZxKobbF1KT
4/iTvEWRDpEX/0M/Ytm4jlPKhyi0MF7CzPpk9P/Ucun6CVDK0TF6M6qgJ0tvMDKv
Gt8t7plAmQsqPt6iyIxpo0MvmduJoGbpGJCBbiO3uknU8N1cwHkZyedUg24Yb27A
hzD9Y8obga6VlP+Wth9VM3VsviaJO0UXUMcTO5Aa4tFVf02X91kTKiQ1JF6dnxwu
fVX3lt1MgRBDI9UXfRVXVlihgnre45++fag7zIp1sfn2fuOTbdeWsEKopTwlaJoR
Ln1uD9+9vLgRd0DUGFFsF+SURCU94Fleqq0b//zmI1EskuKbWnBBoLMFna9907Bh
Fbv1weF8yzS1j5gga9Bqy5S+/U+AbnWfBRYRwoHB+BNi0iZZBBWLq2nTLSR6/ost
cyXrjq3Yg2lrhAYd7VTxjA1FfSE5XIvBe5hHP0BIq3UCfRPm6TDxGQ+tbUsbUIew
T8dTEM8KzwmqdX80nNIbPhF2pCUYZX9JRrl5luko299mZe/jWVw=
=4OzT
-----END PGP SIGNATURE-----
--- End Message ---
