Your message dated Fri, 22 Sep 2023 08:41:06 +0000
with message-id <e1qjbik-006bie...@fasolo.debian.org>
and subject line Bug#1052447: fixed in libwebp 1.3.2-0.3
has caused the Debian Bug report #1052447,
regarding libwebp: Missing change "Fix invalid incremental decoding check."
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1052447: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052447
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libwebp
Version: 1.2.4-0.3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi
While the security fix in bookworm correctly included as well
https://chromium.googlesource.com/webm/libwebp.git/+/95ea5226c870449522240ccff26f0b006037c520%5E%21/#F0
this is missing in the 1.2.4-0.3 upload and as well in the 1.3.2-0.2
version currently in unstable.
While one might strictly argue only the first commit is needed from
https://security-tracker.debian.org/tracker/CVE-2023-4863 as we have
not enough information from the issue, the second one should have been
as well included.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libwebp
Source-Version: 1.3.2-0.3
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
libwebp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1052...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libwebp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 22 Sep 2023 09:41:18 +0200
Source: libwebp
Architecture: source
Version: 1.3.2-0.3
Distribution: unstable
Urgency: medium
Maintainer: Jeff Breidenbach <j...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1052447
Changes:
libwebp (1.3.2-0.3) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix invalid incremental decoding check. (Closes: #1052447)
* Fix next is invalid pointer when WebPSafeMalloc fails
* Fix static analyzer warnings.
Checksums-Sha1:
3c8d718800bcce053ebf6a5e321f3456c1290cf0 2461 libwebp_1.3.2-0.3.dsc
a2d647abf2344b458184a543d3417e9297a12ba4 15524 libwebp_1.3.2-0.3.debian.tar.xz
Checksums-Sha256:
5fde1afa1af8f1608b26a0040775573b896f97c843fa6f050bd0f4523ac4b6a5 2461 libwebp_1.3.2-0.3.dsc
cacf877660813a005658e18975faa4ffe30b01286a17cf767ffd666e270ce5d5 15524 libwebp_1.3.2-0.3.debian.tar.xz
Files:
e789b36aae0c49a57f26df96706c9a32 2461 libs optional libwebp_1.3.2-0.3.dsc
6731bac2171b42badc1d97e73c8c8598 15524 libs optional libwebp_1.3.2-0.3.debian.tar.xz
--- End Message ---