Opened 14 months ago
Closed 13 months ago
#805 closed defect (fixed)
Vulnerable versions of libwebp, upgrade to 1.3.2
Reported by: | Andreas Müller | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | Package |
Version: | Keywords: | ||
Cc: |
Description
In my department we were pointed to the vulnerability of libwebp. After CVE-2023-4863 the open source library libwebp is vulnerable to Heap buffer overflow. I think osgeo4w uses this library, too (libwebp-1.2.2-1). If I understand right, it can be upgraded to 1.3.2 which has a security fix.
Note:
See TracTickets
for help on using tickets.
Already fixed.