The issue is fixed upstream in those commits:
https://chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a%5E%21/
https://chromium.googlesource.com/webm/libwebp.git/+/95ea5226c870449522240ccff26f0b006037c520%5E%21/#F0
Whiteboard: (none) => MGA9TOO, MGA8TOO
CC: (none) => nicolas.salguero
Source RPM: (none) => libwebp-1.3.0-2.mga9.src.rpm
Assigning this globally because there is no one packager in evidence for libwebp.
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (CVE-2023-4863)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
========================

Updated packages in 9/core/updates_testing:
========================
lib(64)sharpyuv0-1.3.0-2.1.mga9
lib(64)webp7-1.3.0-2.1.mga9
lib(64)webpdecoder3-1.3.0-2.1.mga9
lib(64)webpdemux2-1.3.0-2.1.mga9
lib(64)webpmux3-1.3.0-2.1.mga9
lib(64)webp-devel-1.3.0-2.1.mga9
libwebp-tools-1.3.0-2.1.mga9

from SRPM:
libwebp-1.3.0-2.1.mga9.src.rpm

Updated packages in 8/core/updates_testing:
========================
lib(64)webp7-1.1.0-2.2.mga8
lib(64)webpdecoder3-1.1.0-2.2.mga8
lib(64)webpdemux2-1.1.0-2.2.mga8
lib(64)webpmux3-1.1.0-2.2.mga8
lib(64)webp-devel-1.1.0-2.2.mga8
libwebp-tools-1.1.0-2.2.mga8

from SRPM:
libwebp-1.1.0-2.2.mga8.src.rpm
Assignee: pkg-bugs => nicolas.salguero
Whiteboard: MGA9TOO, MGA8TOO => MGA8TOO
Status: NEW => ASSIGNED
Version: Cauldron => 9
Assignee: nicolas.salguero => qa-bugs
MGA8-64 Xfce on Acer Aspire 5253
No installation issues.
Ref bug 31783 for testing Firefox continues to work OK, looked for other test, and found https://developers.google.com/speed/webp/docs/img2webp trying with some jpg files.
$ img2webp shelt0001.jpeg shelt0002.jpeg shelt0003.jpeg -o testwebp.webp
Frame #1 dimension mismatched! Got 2104 x 3183. Was expecting 3152 x 2158.
Above documentation does not show any light on this problem.
Omitting the first jpg:
$ img2webp shelt0002.jpeg shelt0003.jpeg -o testwebp.webp
Frame #1 dimension mismatched! Got 3152 x 2131. Was expecting 2104 x 3183.
Beats me !!!!!
CC: (none) => herman.viaene
Severity: normal => critical
I tested this in MGA9 as best I could. Approving this.
CC: (none) => brtians1
Whiteboard: MGA8TOO => MGA8TOO MGA9-64-OK
MGA9-64 Xfce on Acer Aspire 5253
No installation issues.
Got exactly the same results as in Comment 3. I don't know what to think of it, especially since I can't find any restriction on the file sizes while googling.
Advisory uploaded. I assume the script to push updates only works when someone from QA has validated the update, because sometimes sysadmin-bugs is already in the CC list when a bug report for an update is created. @ NS80 Can you please look at Herman's comments?
CC: (none) => marja11, sysadmin-bugs
Keywords: (none) => advisory
My understanding is that it selects advisories from svn where the bug is assigned to qa and the validated keyword is present.
CC: (none) => davidwhodgins
(In reply to Dave Hodgins from comment #7)
> My understanding is that it selects advisories from svn where the bug is
> assigned to qa and the validated keyword is present.

Thanks :-)
(In reply to Herman Viaene from comment #5)
> MGA9-64 Xfce on Acer Aspire 5253
> No installation issues.
> Got exactly the same results as in Comment 3. I don't know what to think of
> it, especially since I can't find any restriction on the file sizes while
> googling.

I tried with some jpeg I have and did not see the message.

I think that update needs to be urgently pushed since the security issue affects chromium, libreoffice...

Best regards,
Nico.
Whiteboard: MGA8TOO MGA9-64-OK => MGA8TOO MGA9-64-OK MGA8-64-OK
Approving by the OKs.
Don't know how to test this myself and it is not a core system package.
CC: (none) => fri
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2023-0282.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED