nixpkgs

mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-20 20:53:48 +00:00

History

Pierre Bourdon 0f11042876 libwebp: cherry-pick suspected upstream fix for CVE-2023-4863 This CVE is critical severity and has been exploited in the wild. It was reported as being a Chromium vulnerability, but it seems to in fact impact libwebp (and thus all its downstream users). There is however no official confirmation of this yet. The upstream fix patch (webmproject/libwebp@902bc919) does not cleanly apply onto 1.3.1, so we vendor a very slightly modified version which does cleanly apply. This is my original work, so YMMV on whether you trust it or not, reviews very much welcomed :-)	2023-09-12 17:31:29 +02:00
..
CVE-2023-4863.patch	libwebp: cherry-pick suspected upstream fix for CVE-2023-4863	2023-09-12 17:31:29 +02:00
default.nix	libwebp: cherry-pick suspected upstream fix for CVE-2023-4863	2023-09-12 17:31:29 +02:00

libwebp: cherry-pick suspected upstream fix for CVE-2023-4863

This CVE is critical severity and has been exploited in the wild. It was
reported as being a Chromium vulnerability, but it seems to in fact
impact libwebp (and thus all its downstream users). There is however no
official confirmation of this yet.

The upstream fix patch (webmproject/libwebp@902bc919) does not cleanly
apply onto 1.3.1, so we vendor a very slightly modified version which
does cleanly apply. This is my original work, so YMMV on whether you
trust it or not, reviews very much welcomed :-)

2023-09-12 17:31:29 +02:00

CVE-2023-4863.patch

libwebp: cherry-pick suspected upstream fix for CVE-2023-4863

2023-09-12 17:31:29 +02:00

default.nix

libwebp: cherry-pick suspected upstream fix for CVE-2023-4863

2023-09-12 17:31:29 +02:00