This PR contains the following updates:
24.8.2 -> 24.8.5
GitHub Vulnerability Alerts
CVE-2023-4863
Heap buffer overflow in libwebp allows a remote attacker to perform an out of bounds memory write via a crafted HTML page.
CVE-2023-5217
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Release Notes
electron/electron (electron)
### [`v24.8.5`](https://togithub.com/electron/electron/releases/tag/v24.8.5): electron v24.8.5
[Compare Source](https://togithub.com/electron/electron/compare/v24.8.4...v24.8.5)
### Release Notes for v24.8.5
#### Other Changes
- Security: backported fix for CVE-2023-5217. [#40025](https://togithub.com/electron/electron/pull/40025)
### [`v24.8.4`](https://togithub.com/electron/electron/releases/tag/v24.8.4): electron v24.8.4
### Release Notes for v24.8.4
#### Fixes
- Fixed a redundant permission popup while fetching screens and windows using `desktopCapturer.getSources()` on Wayland. [#39711](https://togithub.com/electron/electron/pull/39711) (Also in [25](https://togithub.com/electron/electron/pull/39710), [26](https://togithub.com/electron/electron/pull/39189))
### [`v24.8.3`](https://togithub.com/electron/electron/releases/tag/v24.8.3): electron v24.8.3
### Release Notes for v24.8.3
#### Other Changes
- Security: backported fix for CVE-2023-4763.
- Security: backported fix for CVE-2023-4762.
- Security: backported fix for CVE-2023-4761. [#39757](https://togithub.com/electron/electron/pull/39757)
- Security: backported fix for CVE-2023-4863. [#39826](https://togithub.com/electron/electron/pull/39826)
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.