mirrors/poky - poky - zepto initiative

mirrors/poky

Fork 0

mirror of https://git.yoctoproject.org/poky synced 2026-03-11 01:39:40 +01:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Soumya Sambu	9f0a8901d1	libwebp: Fix CVE-2023-4863 Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Removed CVE-2023-5129.patch as CVE-2023-5129 is duplicate of CVE-2023-4863. CVE: CVE-2023-4863 References: https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://security-tracker.debian.org/tracker/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431#c12 (From OE-Core rev: dbef9bf56fec551b6d1428fcefdadb500172940a) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-11-14 06:49:11 -10:00
Colin McAllister	8b4655300d	libwebp: Fix CVE-2023-5129 Add patch from libwebp 1.2.4 to fix CVE-2023-5129 (From OE-Core rev: 544301c63801cf0c0cfcc0c8d71bdd8e2de82805) Signed-off-by: Colin McAllister <colinmca242@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-09-30 09:43:59 -10:00
Soumya	df5e8bcceb	libwebp: Fix CVE-2023-1999 There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-1999 Upstream patch: `a486d800b6` (From OE-Core rev: a5d0f8734ca643c25f0952387b38edf8ffd70525) Signed-off-by: Soumya <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-07-21 06:27:34 -10:00

Soumya Sambu

9f0a8901d1

libwebp: Fix CVE-2023-4863

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187
allowed a remote attacker to perform an out of bounds memory write via
a crafted HTML page.

Removed CVE-2023-5129.patch as CVE-2023-5129 is duplicate of CVE-2023-4863.

CVE: CVE-2023-4863

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
https://security-tracker.debian.org/tracker/CVE-2023-4863
https://bugzilla.redhat.com/show_bug.cgi?id=2238431#c12

(From OE-Core rev: dbef9bf56fec551b6d1428fcefdadb500172940a)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2023-11-14 06:49:11 -10:00

Colin McAllister

8b4655300d

libwebp: Fix CVE-2023-5129

Add patch from libwebp 1.2.4 to fix CVE-2023-5129

(From OE-Core rev: 544301c63801cf0c0cfcc0c8d71bdd8e2de82805)

Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2023-09-30 09:43:59 -10:00

Soumya

df5e8bcceb

libwebp: Fix CVE-2023-1999

There exists a use after free/double free in libwebp. An attacker can
use the ApplyFiltersAndEncode() function and loop through to free
best.bw and assign best = trial pointer. The second loop will then
return 0 because of an Out of memory error in VP8 encoder, the pointer
is still assigned to trial and the AddressSanitizer will attempt a double free.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-1999

Upstream patch:
a486d800b6

(From OE-Core rev: a5d0f8734ca643c25f0952387b38edf8ffd70525)

Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2023-07-21 06:27:34 -10:00

3 Commits