Comment 6 for bug 1954722

OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (r/stx.6.0)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/823450
Committed: https://opendev.org/starlingx/tools/commit/d4217c205cd89474d7ce0dcf530616c9c81f0765
Submitter: "Zuul (22348)"
Branch: r/stx.6.0

commit d4217c205cd89474d7ce0dcf530616c9c81f0765
Author: Joe Slater <email address hidden>
Date: Wed Dec 22 13:02:54 2021 -0500

    libwebp: fix CVE-2018-25011, CVE-2020-36328, CVE-2020-36329

    CVE-2018-25011: libwebp: heap-based buffer overflow
    CVE-2020-36328: libwebp: heap-based buffer overflow
    CVE-2020-36329: libwebp: use-after-free

    Testing

    build-pkgs; build-iso (unused); create designer patch
    install patch
    run sanity test (PASS)
    remove patch
    run sanity test (PASS)

    ---sanity test ---
    #!/bin/python
    from PIL import Image
    im = Image.open("/usr/share/backgrounds/day.jpg")
    # create webp format file
    im.save("day.webp")
    ---

    Closes-Bug: 1954722
    Signed-off-by: Joe Slater <email address hidden>
    Change-Id: I22ac6bd3b8399c6b16729201a0a4e05e631b5575
    (cherry picked from commit ea942842dd153fc11c9da7112c444a181c8f97f0)