Opened 8 months ago

Closed 7 months ago

#805 closed defect (fixed)

Vulnerable versions of libwebp, upgrade to 1.3.2

Reported by: Andreas Müller
Owned by: osgeo4w-dev@…
Priority: normal
Component: Package
Version:
Keywords:
Cc:

Description

In my department we were pointed to the vulnerability of libwebp. After CVE-2023-4863 the open source library libwebp is vulnerable to a heap buffer overflow. I think osgeo4w uses this library, too (libwebp-1.2.2-1). If I understand correctly, it can be upgraded to 1.3.2, which has a security fix.

Change History (3)

comment:2 by andreaerdna, 7 months ago

Isn't this fixed now?

comment:3 by jef, 7 months ago

Resolution: fixed
Status: new → closed