Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 915168 - <net-im/telegram-desktop-bin-4.9.7 include vulnerable libwebp
Summary: <net-im/telegram-desktop-bin-4.9.7 include vulnerable libwebp
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~2 [noglsa]
Keywords: PullRequest
Depends on:
Blocks: CVE-2023-4863, CVE-2023-5129
  Show dependency tree
Reported: 2023-10-04 08:10 UTC by Joe Kappus
Modified: 2023-10-23 04:33 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Joe Kappus 2023-10-04 08:10:29 UTC
Old versions below 4.9.7 vulnerable to CVE-2023-4863, CVE-2023-5129.

Reproducible: Always
Comment 1 Hans de Graaff gentoo-dev Security 2023-10-05 06:14:33 UTC
Please remove vulnerable versions.
Comment 2 Joe Kappus 2023-10-05 22:10:18 UTC
whoops referenced wrong bug with the PR, it's attached now
Comment 3 Hans de Graaff gentoo-dev Security 2023-10-06 07:46:47 UTC
Cleanup done.