#805 closed defect (fixed)

Vulnerable versions of libwebp, upgrade to 1.3.2

Reported by: Andreas Müller Owned by: osgeo4w-dev@…
Priority: normal Component: Package
Version: Keywords:
Cc:

Description

In my department we were pointed to the vulnerability of libwebp. After CVE-2023-4863 the open source library libwebp is vulnerable to Heap buffer overflow. I think osgeo4w uses this library, too (libwebp-1.2.2-1). If I understand right, it can be upgraded to 1.3.2 which has a security fix.

Change History (3)

comment:1 by jef, 14 months ago

Already fixed.

Version 0, edited 14 months ago by jef (next)

comment:2 by andreaerdna, 13 months ago

Isn't this fixed now?

comment:3 by jef, 13 months ago

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.