Univention Bugzilla – Bug 53441
libwebp: Multiple issues (5.0)
Last modified: 2021-06-16 17:36:04 CEST
New Debian libwebp 0.6.1-2+deb10u1 fixes:

This update addresses the following issues:
* out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)
* out-of-bounds read in ApplyFilter() (CVE-2018-25010)
* heap-based buffer overflow in PutLE16() (CVE-2018-25011)
* out-of-bounds read in ShiftBytes() (CVE-2018-25013)
* use of uninitialized value in ReadSymbol() (CVE-2018-25014)
* heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)
* use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)
* out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)
* out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)
* extreme memory allocation when reading a file (CVE-2020-36332)
--- mirror/ftp/pool/main/libw/libwebp/libwebp_0.6.1-2.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/libwebp_0.6.1-2+deb10u1.dsc @@ -1,3 +1,9 @@ +0.6.1-2+deb10u1 [Tue, 08 Jun 2021 00:04:01 +0200] Moritz Mühlenhoff <jmm@debian.org>: + + * CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2020-36328 + CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 + CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 + 0.6.1-2 [Thu, 01 Mar 2018 12:51:06 -0800] Jeff Breidenbach <jab@debian.org>: * Fix lintian warning on manpage <http://piuparts.knut.univention.de/5.0-0/#1319776104798529439>
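Review bot: CVE-2020-36328 appears twice in the added 0.6.1-2+deb10u1 changelog entry, once at the end of the first CVE line and again on the second, so the entry shows eleven identifiers for ten distinct CVEs; remove the repeat so the changelog lines up with the ten issues listed for this update. The entry also gives only CVE ids, so a short per-CVE description or the name of the patch that closes each one would let a reviewer check the fixes from the changelog alone.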
*** Bug 53443 has been marked as a duplicate of this bug. ***
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x12>