Bug 273749 - graphics/webp: backport fix for CVE-2023-4863
Summary: graphics/webp: backport fix for CVE-2023-4863
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Po-Chuan Hsieh
URL: https://gitlab.archlinux.org/archlinu...
Keywords: security
Depends on:
Blocks:
 
Reported: 2023-09-13 04:04 UTC by (intentionally left blank)
Modified: 2023-09-15 11:43 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (sunpoet)
grahamperrin: merge-quarterly?

Attachments
patch (19.93 KB, patch)
2023-09-13 04:04 UTC, (intentionally left blank) 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description (intentionally left blank) 2023-09-13 04:04:16 UTC 
Created attachment 244800 [details]
patch
Comment 1 (intentionally left blank) 2023-09-13 05:06:15 UTC 
www/firefox doesn't seem to pass poudriere, ignore the attached patch.
Comment 2 (intentionally left blank) 2023-09-13 05:52:58 UTC 
(In reply to (intentionally left blank) from comment #1)

> www/firefox doesn't seem to pass poudriere

Pilot error due to local automation tripping over base 78847e1e5927

Builds and runs fine after pkg upgrade.
Comment 3 Graham Perrin 2023-09-14 20:40:03 UTC 
Does ports security bug 273766 (up from 1.3.1_1 to 1.3.2) negate the need for this backport?
Comment 4 (intentionally left blank) 2023-09-15 11:43:44 UTC 
1.3.2 is out: https://github.com/webmproject/libwebp/releases/tag/v1.3.2