Subject: CVE-2023-4863: Heap buffer overflow in WebP
Package: chromium
Version: 116.0.5845.180-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

On Tue, Sep 12, 2023 at 9:07 AM Jeffrey Cliff <jeffrey.cl...@gmail.com> wrote:
>
> Dear Maintainer,
>
> 116.0.5845.187 fixes a critical remote vulnerability in chrome
>
> [$NA][1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP.
> Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen
> Lab at The University of Torontoʼs Munk School on 2023-09-06
>
> https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
>
> Might want to look into this at least
>
> Jeff Cliff
>
>
> -- System Information:
> Debian Release: trixie/sid
>   APT prefers unstable-debug
>   APT policy: (500, 'unstable-debug'), (500, 'stable-debug'), (500,
> 'oldstable-debug')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 6.5.0-gnulibre (SMP w/2 CPU threads; PREEMPT)
> Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_CA:en
> Shell: /bin/sh linked to /usr/bin/dash
> Init: sysvinit (via /sbin/init)
> LSM: AppArmor: enabled
>
>
> Versions of packages chromium depends on:
> pn  chromium-common        <none>
> ii  libasound2             1.2.9-2
> ii  libatk-bridge2.0-0     2.49.91-2
> ii  libatk1.0-0            2.49.91-2
> ii  libatomic1             13.2.0-3
> ii  libatspi2.0-0          2.49.91-2
> ii  libbrotli1             1.0.9-2+b6
> ii  libc6                  2.37-7
> ii  libcairo2              1.17.8-3
> ii  libcups2               2.4.2-5
> ii  libdbus-1-3            1.14.10-1devuan1
> ii  libdouble-conversion3  3.3.0-1
> ii  libdrm2                2.4.115-1
> ii  libevent-2.1-7         2.1.12-stable-8
> ii  libexpat1              2.5.0-2
> ii  libflac12              1.4.3+ds-2
> ii  libfontconfig1         2.14.2-5
> ii  libfreetype6           2.13.2+dfsg-1
> ii  libgbm1                23.1.7-1
> ii  libgcc-s1              13.2.0-3
> ii  libglib2.0-0           2.77.3-1
> ii  libgtk-3-0             3.24.38-4
> ii  libjpeg62-turbo        1:2.1.5-2
> ii  libjsoncpp25           1.9.5-6
> ii  liblcms2-2             2.14-2
> ii  libminizip1            1:1.2.13.dfsg-3
> ii  libnspr4               2:4.35-1.1
> ii  libnss3                2:3.92-1
> pn  libopenh264-7          <none>
> ii  libopenjp2-7           2.5.0-2
> ii  libopus0               1.4-1
> ii  libpango-1.0-0         1.51.0+ds-2
> ii  libpng16-16            1.6.40-1
> ii  libpulse0              16.1+dfsg1-2+b1
> ii  libsnappy1v5           1.1.10-1
> ii  libstdc++6             13.2.0-3
> ii  libwebp7               1.2.4-0.2
> ii  libwebpdemux2          1.2.4-0.2
> ii  libwebpmux3            1.2.4-0.2
> ii  libwoff1               1.0.2-2
> ii  libx11-6               2:1.8.6-1
> ii  libxcb1                1.15-1
> ii  libxcomposite1         1:0.4.5-1
> ii  libxdamage1            1:1.1.6-1
> ii  libxext6               2:1.3.4-1+b1
> ii  libxfixes3             1:6.0.0-2
> ii  libxkbcommon0          1.5.0-1
> ii  libxml2                2.9.14+dfsg-1.3
> ii  libxnvctrl0            525.125.06-1
> ii  libxrandr2             2:1.5.2-2+b1
> ii  libxslt1.1             1.1.35-1
> ii  zlib1g                 1:1.2.13.dfsg-3
>
> Versions of packages chromium recommends:
> pn  chromium-sandbox  <none>
>
> Versions of packages chromium suggests:
> pn  chromium-driver  <none>
> pn  chromium-l10n    <none>
> pn  chromium-shell   <none>

-- 
------------------------------------------------------------------------------------------------
End the campaign to Cancel Richard Stallman - go to stallmansupport.org !
------------------------------------------------------------------------------------------------