From 1.3.1 release notes: ``` - 6/23/2023: version 1.3.1 This is a binary compatible release. * security fixes for lossless encoder (#603, chromium: #1420107, #1455619, CVE-2023-1999) [...] ```
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b41cdefc20c6fa856e84e96ed94bc9bda7ba9e1 commit 3b41cdefc20c6fa856e84e96ed94bc9bda7ba9e1 Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2023-06-30 16:25:22 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2023-06-30 16:25:48 +0000 media-libs/libwebp: backport fix for CVE-2023-1999 Bug: https://bugs.gentoo.org/909369 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> .../files/libwebp-1.2.4-CVE-2023-1999.patch | 50 ++++++++++++++ media-libs/libwebp/libwebp-1.2.4-r2.ebuild | 78 ++++++++++++++++++++++ 2 files changed, 128 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8718c276e87f7805e09f3a881fc24176e4e7028 commit c8718c276e87f7805e09f3a881fc24176e4e7028 Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2023-07-01 12:57:40 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2023-07-01 12:57:40 +0000 media-libs/libwebp: drop 1.2.4-r1 Bug: https://bugs.gentoo.org/909369 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> media-libs/libwebp/libwebp-1.2.4-r1.ebuild | 77 ------------------------------ 1 file changed, 77 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=d361bb64925c940e98cf1429e87cc88bb33ce358 commit d361bb64925c940e98cf1429e87cc88bb33ce358 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-09-17 05:52:57 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-09-17 05:53:28 +0000 [ GLSA 202309-05 ] WebP: Multiple vulnerabilities Bug: https://bugs.gentoo.org/909369 Bug: https://bugs.gentoo.org/914010 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202309-05.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+)