[Cin] CVE in libwebp
Andrew Randrianasulu
randrianasulu at gmail.com
Fri Sep 15 20:23:21 CEST 2023
can you check this attached patch with libwebp downloaded from
https://github.com/webmproject/libwebp/archive/refs/tags/v1.3.2.tar.gz
just rename to libwebp-1.3.2.tar.gz and put in thirdparty/src
пт, 15 сент. 2023 г., 18:31 Andrew Randrianasulu <randrianasulu at gmail.com>:
>
>
> пт, 15 сент. 2023 г., 18:26 Phyllis Smith <phylsmith2017 at gmail.com>:
>
>> libwebp is currently at version 1.1.0 for a reason: it requires cmake
>> 3.5 and older versions of ubuntu as well as some other older O/S do not
>> have that. This is documented in the manual with the suggestion of users
>> who want an upgrade will have to first upgrade cmake to 3.5. BUT by now it
>> may even require a later version of cmake (not sure).\
>>
>
> At least 1.2.4 (with this bug fixed) still contain autogen.sh/configure
> script?
>
> https://github.com/webmproject/libwebp/tree/1.2.4
>
> so may be we can switch our build to this scheme ...
>
>
>> On Fri, Sep 15, 2023 at 7:01 AM Andrew Randrianasulu <
>> randrianasulu at gmail.com> wrote:
>>
>>>
>>> https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
>>>
>>> so far Slackware 15.0 bumped libwebp to 1.3.2
>>>
>>> guess we ought to do the same?
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cinelerra-gg.org/pipermail/cin/attachments/20230915/0284d406/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Change-libwebp-to-1.3.2-autotools-build.patch
Type: application/x-patch
Size: 3339 bytes
Desc: not available
URL: <https://lists.cinelerra-gg.org/pipermail/cin/attachments/20230915/0284d406/attachment.bin>
More information about the Cin
mailing list