Date: Fri, 22 Sep 2023 10:18:07 -0300 From: Rodrigo Freire <rfreire@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec On Fri, Sep 22, 2023 at 8:43 AM Marc Deslauriers <marc.deslauriers@...onical.com> wrote: > We (Ubuntu) didn't include that second commit in our libwebp updates, and I > don't believe Red Hat/Fedora did either. If that second commit does have a > security impact, it probably needs a different CVE to clear up confusion. And hope that time the CNA assigns the CVE to the right component... - RF
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.