[BUG] SkiaSharp vulnerable to CVE-2023-4863
Closed this issue · 3 comments
foxyPL commented
Describe the bug
SkiaSharp vendors (via mono/skia) a version of libwebp that is vulnerable to GHSA-j7hp-h8jx-5ppr.
[BUG] SkiaSharp vendors libwebp vulnerable to CVE-2023-4863
Please:
Update SkiaSharp to a version which isn't vulnerable to GHSA-j7hp-h8jx-5ppr anymore.
Patched versions are:
- 3.x alpha and this is version 3.0.0-alpha.1.27 on the feed https://aka.ms/skiasharp-eap/index.json
- 2.x stable and this is version 2.88.6 and this is on nuget: https://www.nuget.org/packages/SkiaSharp/2.88.6
To Reproduce
n/a
Expected behavior
n/a
Screenshots
n/a
Desktop (please complete the following information):
n/a
Smartphone (please complete the following information):
n/a
Additional context
n/a
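The version check implied by the report above, as an added example that is not part of the original issue or of LottieSharp's code: it flags SkiaSharp references in a .csproj that sit below the fixed versions the issue names. The function names, the constructed sample project, the inclusion of `SkiaSharp.NativeAssets.*` packages and the treatment of other 3.x pre-releases are assumptions.

```python
import re
import xml.etree.ElementTree as ET

FIXED_2X = (2, 88, 6)       # stable fix named in the issue
FIXED_3X_ALPHA = (1, 27)    # 3.0.0-alpha.1.27, the fixed 3.x build named in the issue
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?$")

def skiasharp_status(version):
    """Return 'patched', 'below_fix' or 'unknown' for one SkiaSharp version string."""
    m = VERSION_RE.match(version.strip())
    if not m:                                   # floating ("2.88.*"), range, or missing
        return "unknown"
    release = tuple(int(g) for g in m.group(1, 2, 3))
    pre = m.group(4).split(".") if m.group(4) else []
    if release < (3, 0, 0):
        # Conservative: a pre-release of 2.88.6 sorts before 2.88.6 itself.
        ok = release > FIXED_2X or (release == FIXED_2X and not pre)
        return "patched" if ok else "below_fix"
    if release > (3, 0, 0) or not pre:
        return "patched"                        # assumption: later releases keep the fix
    if pre[0] != "alpha" or not all(p.isdigit() for p in pre[1:]):
        return "unknown"                        # other 3.0.0 pre-release labels: not on the page
    # Assumption: 3.0.0 alphas numbered below 1.27 predate the fix.
    return "patched" if tuple(int(p) for p in pre[1:]) >= FIXED_3X_ALPHA else "below_fix"

def audit_csproj(xml_text):
    """List (package, version, status) for SkiaSharp references in a .csproj."""
    findings = []
    # "{*}" matches SDK-style (no namespace) and old-style (namespaced) project files.
    for el in ET.fromstring(xml_text).iterfind(".//{*}PackageReference"):
        name = el.get("Include", "")
        if name != "SkiaSharp" and not name.startswith("SkiaSharp.NativeAssets."):
            continue
        version = el.get("Version") or el.findtext("{*}Version") or ""
        findings.append((name, version, skiasharp_status(version)))
    return findings

# Constructed sample project file, not taken from LottieSharp.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="SkiaSharp" Version="2.88.3" />
    <PackageReference Include="SkiaSharp.NativeAssets.Linux" Version="2.88.6" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    for name, version, status in audit_csproj(SAMPLE_CSPROJ):
        print(f"{name} {version}: {status}")
```

A .csproj scan only sees direct references; SkiaSharp pulled in transitively (for example through LottieSharp) shows up in `dotnet list package --include-transitive`.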
martin-meissnitzer-AP commented
@quicoli Any plans to release the version with the updated dependency (which is already in the develop branch)?
quicoli commented
Hi!
I'll do it in 2 days.
quicoli commented
@martin-meissnitzer-AP, released version 2.4 with the updated packages + support for .NET 8.