[Cin] CVE in libwebp

Phyllis Smith phylsmith2017 at gmail.com
Fri Sep 15 21:01:19 CEST 2023


I will check the patch, hopefully today.  I am really getting behind again!

On Fri, Sep 15, 2023 at 12:23 PM Andrew Randrianasulu <
randrianasulu at gmail.com> wrote:

> can you check this attached patch with libwebp downloaded from
>
> https://github.com/webmproject/libwebp/archive/refs/tags/v1.3.2.tar.gz
>
> just rename to libwebp-1.3.2.tar.gz and put in thirdparty/src
>
>
>
>
>
> пт, 15 сент. 2023 г., 18:31 Andrew Randrianasulu <randrianasulu at gmail.com
> >:
>
>>
>>
>> пт, 15 сент. 2023 г., 18:26 Phyllis Smith <phylsmith2017 at gmail.com>:
>>
>>> libwebp is currently at version 1.1.0 for a reason:  it requires cmake
>>> 3.5 and older versions of ubuntu as well as some other older O/S do not
>>> have that.  This is documented in the manual with the suggestion of users
>>> who want an upgrade will have to first upgrade cmake to 3.5.  BUT by now it
>>> may even require a later version of cmake (not sure).\
>>>
>>
>> At least 1.2.4 (with this bug fixed) still contain autogen.sh/configure
>> script?
>>
>> https://github.com/webmproject/libwebp/tree/1.2.4
>>
>> so may be we can switch our build to this scheme ...
>>
>>
>>> On Fri, Sep 15, 2023 at 7:01 AM Andrew Randrianasulu <
>>> randrianasulu at gmail.com> wrote:
>>>
>>>>
>>>> https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
>>>>
>>>> so far Slackware 15.0 bumped libwebp to 1.3.2
>>>>
>>>> guess we ought to do the same?
>>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cinelerra-gg.org/pipermail/cin/attachments/20230915/ef0447fb/attachment-0001.htm>


More information about the Cin mailing list