Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 22 Sep 2023 10:18:07 -0300
From: Rodrigo Freire <>
Subject: Re: CVE-2023-4863: libwebp: Heap buffer overflow in
 WebP Codec

On Fri, Sep 22, 2023 at 8:43 AM Marc Deslauriers
<> wrote:
> We (Ubuntu) didn't include that second commit in our libwebp updates, and I
> don't believe Red Hat/Fedora did either. If that second commit does have a
> security impact, it probably needs a different CVE to clear up confusion.

And hope that time the CNA assigns the CVE to the right component...

- RF

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.