LibreOffice Viewer: Mention libwebp CVE-2023-4863 for older versions

... as requested in [1]. LibreOffice versions from 7.4 on have been using libwebp, so are presumably affected. libwebp has been updated in 7.6.2, so that one is no longer affected. [2] [3] [1] https://gitlab.com/fdroid/fdroiddata/-/merge_requests/13777#note_1581068714 [2] https://bugs.documentfoundation.org/show_bug.cgi?id=157231 [3] https://blog.documentfoundation.org/blog/2023/09/26/lo-762-and-lo-757/
2026-05-19 20:29:15 +00:00 · 2023-09-27 20:06:06 +02:00 · 2023-09-27 20:06:06 +02:00 · 8b20c05419
commit 8b20c05419
parent 76e6fcbeef
1 changed files with 30 additions and 0 deletions
--- a/metadata/org.documentfoundation.libreoffice.yml
+++ b/metadata/org.documentfoundation.libreoffice.yml
@ -449,6 +449,9 @@ Builds:
      - rm -rf workdir instdir
      - make
    ndk: r22b
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)

  - versionName: 7.6.0.0.alpha0+/d6c54b3d4ee7/F-Droid-editing
    versionCode: 17
@ -524,6 +527,9 @@ Builds:
      - rm -rf workdir instdir
      - make
    ndk: r22b
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)

  - versionName: 7.6.0.0.alpha1+/5c1c768e128d/F-Droid-editing
    versionCode: 18
@ -600,6 +606,9 @@ Builds:
      - rm -rf workdir instdir
      - make
    ndk: r23c
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)

  - versionName: 7.6.0.0.alpha1+/5c1c768e128d/F-Droid-editing
    versionCode: 19
@ -676,6 +685,9 @@ Builds:
      - rm -rf workdir instdir
      - make
    ndk: r23c
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)

  - versionName: 7.6.0.0.alpha1+/5c1c768e128d/F-Droid-editing
    versionCode: 20
@ -752,6 +764,9 @@ Builds:
      - rm -rf workdir instdir
      - make
    ndk: r23c
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)

  - versionName: 7.6.0.0.alpha1+/5c1c768e128d/F-Droid-editing
    versionCode: 21
@ -828,6 +843,9 @@ Builds:
      - rm -rf workdir instdir
      - make
    ndk: r23c
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)

  - versionName: 7.6.0.3/69edd8b8ebc4/F-Droid-editing
    versionCode: 22
@ -904,6 +922,9 @@ Builds:
      - rm -rf workdir instdir
      - make
    ndk: 23.2.8568313
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)

  - versionName: 7.6.0.3/69edd8b8ebc4/F-Droid-editing
    versionCode: 23
@ -980,6 +1001,9 @@ Builds:
      - rm -rf workdir instdir
      - make
    ndk: 23.2.8568313
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)

  - versionName: 7.6.0.3/69edd8b8ebc4/F-Droid-editing
    versionCode: 24
@ -1056,6 +1080,9 @@ Builds:
      - rm -rf workdir instdir
      - make
    ndk: 23.2.8568313
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)

  - versionName: 7.6.0.3/69edd8b8ebc4/F-Droid-editing
    versionCode: 25
@ -1132,6 +1159,9 @@ Builds:
      - rm -rf workdir instdir
      - make
    ndk: 23.2.8568313
+    antifeatures:
+      KnownVuln:
+        en-US: Vulnerability in handling WebP images (CVE-2023-4863)

  - versionName: 7.6.2.1/56f768401134/F-Droid-editing
    versionCode: 26