Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
[r19.09] libvpx: add patches for CVE-2019-9232, CVE-2019-9325, CVE-2019-9371, CVE-2019-9433 #74751
Motivation for this change
Backports sourced from debian package
For master, see #60826
…CVE-2019-9433 backports sourced from debian package 1.7.0-3+deb10u1, included in-repo as file is not available on sources.debian.org or salsa.debian.org
Incidentally, I'll just add a note on how I'm running the libvpx
OK updated, I have checked that according to Debian all 4 CVEs listed are fixed by those patches.
Remaining is only what's fixed by
Is that also one of the CVEs?
This seems to come from e.g.
which I got linked from https://release.debian.org/proposed-updates/stable.html.
nh2 left a comment
I have double-checked that the changes in here are the same as in Debian and that they are intended to fix the 4 CVEs involved.
I have not double-checked whether Debian's changes are sensible or if they are fully equivalent to the upstream (non-backport) commits listed in #60826 (comment)