mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-18 05:28:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
df5e8bcceb48cc009dc3404945ec59c4f80dee12
poky/meta
History
Soumya df5e8bcceb libwebp: Fix CVE-2023-1999 
There exists a use after free/double free in libwebp. An attacker can
use the ApplyFiltersAndEncode() function and loop through to free
best.bw and assign best = trial pointer. The second loop will then
return 0 because of an Out of memory error in VP8 encoder, the pointer
is still assigned to trial and the AddressSanitizer will attempt a double free.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-1999

Upstream patch:
a486d800b6

(From OE-Core rev: a5d0f8734ca643c25f0952387b38edf8ffd70525)

Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-07-21 06:27:34 -10:00
..
classes
useradd-staticids.bbclass: improve error message
2023-07-12 05:11:38 -10:00
conf
maintainers.inc: unassign Ricardo Neri from ovmf
2023-07-12 05:11:38 -10:00
files
classes: files: Extend overlayfs-etc class
2022-10-29 16:32:24 +01:00
lib
oeqa/selftest/bbtests: add non-existent prefile/postfile tests
2023-07-12 05:11:38 -10:00
recipes-bsp
grub: submit determinism.patch upstream
2023-07-12 05:11:38 -10:00
recipes-connectivity
bind : fix CVE-2023-2828 & CVE-2023-2911
2023-07-21 06:27:34 -10:00
recipes-core
cve-update-nvd2-native: actually use API keys
2023-07-13 06:42:46 -10:00
recipes-devtools
perl: Fix CVE-2023-31486
2023-07-21 06:27:34 -10:00
recipes-example/rust-hello-world
rustfmt: remove the recipe
2021-12-08 20:22:11 +00:00
recipes-extended
cups: fix CVE-2023-34241 use-after-free in cupsdAcceptClient() in scheduler/client.c
2023-07-12 05:11:38 -10:00
recipes-gnome
epiphany: Security fix for CVE-2023-26081
2023-03-20 17:20:44 +00:00
recipes-graphics
libx11: Fix CVE-2023-3138 for kirkstone branch
2023-07-21 06:27:34 -10:00
recipes-kernel
babeltrace2: Always use BFD linker when building tests with ld-is-lld distro feature
2023-07-12 05:11:38 -10:00
recipes-multimedia
libwebp: Fix CVE-2023-1999
2023-07-21 06:27:34 -10:00
recipes-rt
meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
2022-02-20 16:45:25 +00:00
recipes-sato
webkitgtk: fix CVE-2022-46700
2023-06-21 04:00:58 -10:00
recipes-support
curl: Added CVE-2023-28320 Follow-up patch
2023-07-21 06:27:34 -10:00
site
ppc/siteinfo: Fix differences between musl and glibc
2022-03-15 08:40:09 +00:00
COPYING.MIT
recipes.txt
Remove LSB support
2019-08-29 14:05:12 +01:00