Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 915168

Summary: <net-im/telegram-desktop-bin-4.9.7 include vulnerable libwebp
Product: Gentoo Security Reporter: Joe Kappus <joe>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: neb.semqen.ramesses
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/33201
Whiteboard: ~2 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 914072    

Description Joe Kappus 2023-10-04 08:10:29 UTC 
Old versions below 4.9.7 vulnerable to CVE-2023-4863, CVE-2023-5129.

Reproducible: Always
Comment 1 Hans de Graaff gentoo-dev Security 2023-10-05 06:14:33 UTC 
Please remove vulnerable versions.
Comment 2 Joe Kappus 2023-10-05 22:10:18 UTC 
whoops referenced wrong bug with the PR, it's attached now
Comment 3 Hans de Graaff gentoo-dev Security 2023-10-06 07:46:47 UTC 
Cleanup done.