Closed n0vad3v closed 1 year ago
libwebp CVE is fixed on https://chromium.googlesource.com/webm/libwebp/+/refs/tags/v1.3.2 tag 1.3.2
libwebp
security fix for lossless decoder (chromium: #1479274, CVE-2023-4863)
While libwebp-dev package on debian-bookworm is still 1.2.4 (1.2.4-0.2+deb12u1), we need to compile libwebp to mitigate this CVE before new libwebp-dev is released.
libwebp-dev
debian-bookworm
ghcr.io/webp-sh/webp_server_go (debian 12.1) ============================================ Total: 0 (HIGH: 0, CRITICAL: 0)
libwebp
CVE is fixed on https://chromium.googlesource.com/webm/libwebp/+/refs/tags/v1.3.2 tag 1.3.2While
libwebp-dev
package ondebian-bookworm
is still 1.2.4 (1.2.4-0.2+deb12u1), we need to compilelibwebp
to mitigate this CVE before newlibwebp-dev
is released.