27 Sep
2023
27 Sep
'23
8:45 p.m.
| Date: Sat, 23 Sep 2023 00:18:03 -0400 (EDT) | Subject: [GTALUG] why I like shared libraries -- no longer a popular position I posted earlier about two CVEs for one bug -- one for Safari and one for Chrome. I noted that the bug was in a library and, with static linking, in a lot of other programs. Well, a new, more comprehensive CVE has been released, two weeks late. <https://arstechnica.com/security/2023/09/google-quietly-corrects-previously-submitted-disclosure-for-critical-webp-0-day/> Since it is a "0-day" (i.e. already exploited in the real world), it is urgent that you update. Again. But we don't know when new versions of each affected program will be released.