[Git][security-tracker-team/security-tracker][master] webkit2gtk upstream advisory WSA-2020-0005

Alberto Garcia berto at debian.org
Mon Apr 27 18:22:08 BST 2020 


Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb642c1f by Alberto Garcia at 2020-04-27T19:21:39+02:00
webkit2gtk upstream advisory WSA-2020-0005

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -21490,13 +21490,33 @@ CVE-2020-3904 (Multiple memory corruption issues were addressed with improved st
 CVE-2020-3903 (A memory corruption issue was addressed with improved memory handling. ...)
 	NOT-FOR-US: Apple
 CVE-2020-3902 (An input validation issue was addressed with improved input validation ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.0-2
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
 CVE-2020-3901 (A type confusion issue was addressed with improved memory handling. Th ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.0-2
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
 CVE-2020-3900 (A memory corruption issue was addressed with improved memory handling. ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.0-2
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
 CVE-2020-3899 (A memory consumption issue was addressed with improved memory handling ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.2-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.2-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
 CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c]
 	RESERVED
 	- cups 2.3.1-12
@@ -21507,13 +21527,28 @@ CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in ppd-ma
 	NOTE: https://src.fedoraproject.org/rpms/cups/blob/c1920d09b842bd2d0611559d00d595abd8aa2424/f/cups-ppdopen-heap-overflow.patch
 	TODO: add commit once pushed to the https://github.com/apple/cups repo
 CVE-2020-3897 (A type confusion issue was addressed with improved memory handling. Th ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.0-2
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
 CVE-2020-3896
 	RESERVED
 CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.0-2
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
 CVE-2020-3894 (A race condition was addressed with additional validation. This issue  ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.0-2
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
 CVE-2020-3893 (A memory corruption issue was addressed with improved input validation ...)
 	NOT-FOR-US: Apple
 CVE-2020-3892 (A memory corruption issue was addressed with improved input validation ...)
@@ -21531,7 +21566,12 @@ CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issu
 CVE-2020-3886
 	RESERVED
 CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.0-2
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
 CVE-2020-3884 (An injection issue was addressed with improved validation. This issue  ...)
 	NOT-FOR-US: Apple
 CVE-2020-3883 (This issue was addressed with improved checks. This issue is fixed in  ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -50,5 +50,7 @@ tomcat9/stable
 --
 trafficserver (jmm)
 --
+webkit2gtk
+--
 xcftools (hle)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb642c1f9ba66be4d79aef8d2edfd79ed294797d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb642c1f9ba66be4d79aef8d2edfd79ed294797d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200427/d8500a6b/attachment.html>

More information about the debian-security-tracker-commits mailing list