[Git][security-tracker-team/security-tracker][master] webkit2gtk upstream advisory WSA-2020-0006

Fri Jul 10 14:57:22 BST 2020


Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a738913 by Alberto Garcia at 2020-07-10T15:56:46+02:00
webkit2gtk upstream advisory WSA-2020-0006

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4699,6 +4699,11 @@ CVE-2020-13755
 	RESERVED
 CVE-2020-13753
 	RESERVED
+	- webkit2gtk 2.28.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
 CVE-2020-13752
 	RESERVED
 CVE-2020-13751
@@ -15736,7 +15741,12 @@ CVE-2020-9852 (An integer overflow was addressed through improved input validati
 CVE-2020-9851 (An access issue was addressed with improved access restrictions. This  ...)
 	NOT-FOR-US: Apple
 CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
 CVE-2020-9849
 	RESERVED
 CVE-2020-9848 (An authorization issue was addressed with improved state management. T ...)
@@ -15750,7 +15760,12 @@ CVE-2020-9845
 CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2020-9843 (An input validation issue was addressed with improved input validation ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
 CVE-2020-9842 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
 CVE-2020-9841 (An integer overflow was addressed through improved input validation. T ...)
@@ -15822,17 +15837,42 @@ CVE-2020-9809 (An information disclosure issue was addressed with improved state
 CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...)
 	NOT-FOR-US: Apple
 CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
 CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
 CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
 CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is  ...)
 	NOT-FOR-US: Apple
 CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
 CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
 CVE-2020-9801 (A logic issue was addressed with improved restrictions. This issue is  ...)
 	NOT-FOR-US: Apple
 CVE-2020-9800 (A type confusion issue was addressed with improved memory handling. Th ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -33,6 +33,8 @@ squid (jmm)
 --
 teeworlds (jmm)
 --
+webkit2gtk
+--
 xcftools
   Hugo proposed to work on this update
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a7389134ed795cc90aa9fc2b2d6c46835b60b83

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a7389134ed795cc90aa9fc2b2d6c46835b60b83
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200710/cc7e9f7b/attachment-0001.html>
