WebRTC depends on libvpx for the implementation of the VP8 and VP9 video codecs. The fix for CVE-2023-5217 was imported into WebRTC on Sept 28th and is included in WebRTC branch https://webrtc.googlesource.com/src/+log/branch-heads/6045. Due to the way in which WebRTC uses libvpx, we believe that standalone WebRTC isn’t directly affected by this vulnerability, but we nevertheless recommend upgrading to a recent version of the library.
Some general comments on how dependencies are handled in WebRTC:
The WebRTC DEPS file pins dependencies (including libvpx) to specific revisions, e.g.
https://source.chromium.org/chromium/chromium/src/+/main:third_party/webrtc/DEPS;l=300;drc=08d6197b9e44814bd719d1597eb31c1deb2b7068
--
This list falls under the WebRTC Code of Conduct - https://webrtc.org/support/code-of-conduct.
---
You received this message because you are subscribed to the Google Groups "discuss-webrtc" group.
To unsubscribe from this group and stop receiving emails from it, send an email to discuss-webrt...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/discuss-webrtc/6ed18a19-05ae-49b8-9df8-230a2e11bcb9n%40googlegroups.com.