[Git][security-tracker-team/security-tracker][master] webkit2gtk upstream advisory WSA-2020-0008

Alberto Garcia berto at debian.org
Mon Nov 23 17:29:01 GMT 2020



Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc75e396 by Alberto Garcia at 2020-11-23T18:28:31+01:00
webkit2gtk upstream advisory WSA-2020-0008

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -37287,6 +37287,11 @@ CVE-2020-13585
 	RESERVED
 CVE-2020-13584
 	RESERVED
+	- webkit2gtk 2.30.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.30.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
 CVE-2020-13583
 	RESERVED
 CVE-2020-13582
@@ -47988,7 +47993,12 @@ CVE-2020-9985 (A buffer overflow issue was addressed with improved memory handli
 CVE-2020-9984 (An out-of-bounds read was addressed with improved input validation. Th ...)
 	NOT-FOR-US: Apple
 CVE-2020-9983 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	NOT-FOR-US: Safari
+	RESERVED
+	- webkit2gtk 2.30.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.30.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
 CVE-2020-9982 (This issue was addressed with improved checks to prevent unauthorized  ...)
 	NOT-FOR-US: Apple
 CVE-2020-9981
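
Review bot: for CVE-2020-9983 the `NOT-FOR-US: Safari` line is replaced with `RESERVED` although the header line already carries a description. The pre-existing `RESERVED` entries visible in the context lines (CVE-2020-13585, CVE-2020-13583) have no description, so the state looks inconsistent here. Suggest dropping the added `RESERVED` line and keeping only the package and NOTE lines, or confirming that it is intended. The same pattern recurs for CVE-2020-9952, CVE-2020-9951 and CVE-2020-9948 in the following hunk.
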
@@ -48050,15 +48060,30 @@ CVE-2020-9954
 CVE-2020-9953
 	RESERVED
 CVE-2020-9952 (An input validation issue was addressed with improved input validation ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.28.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.28.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
 CVE-2020-9951 (A use after free issue was addressed with improved memory management.  ...)
-	NOT-FOR-US: Safari
+	RESERVED
+	- webkit2gtk 2.30.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.30.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
 CVE-2020-9950
 	RESERVED
 CVE-2020-9949
 	RESERVED
 CVE-2020-9948 (A type confusion issue was addressed with improved memory handling. Th ...)
-	NOT-FOR-US: Safari
+	RESERVED
+	- webkit2gtk 2.30.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+	- wpewebkit 2.30.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
 CVE-2020-9947
 	RESERVED
 CVE-2020-9946 (This issue was addressed with improved checks. This issue is fixed in  ...)
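
Review bot: in the CVE-2020-9951 and CVE-2020-9948 entries the fixed versions differ between the two source packages (`webkit2gtk 2.30.1-1` against `wpewebkit 2.30.0-1`), while every other entry in this commit gives both packages the same version. If the difference is deliberate, fine; otherwise check against WSA-2020-0008 which upstream release carries the fix and align the two lines.
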


=====================================
data/DSA/list
=====================================
@@ -170,7 +170,7 @@
 	{CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659}
 	[buster] - thunderbird 1:68.11.0-1~deb10u1
 [03 Aug 2020] DSA-4739-1 webkit2gtk - security update
-	{CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925}
+	{CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9952}
 	[buster] - webkit2gtk 2.28.4-1~deb10u1
 [31 Jul 2020] DSA-4738-1 ark - security update
 	{CVE-2020-16116}
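
Review bot: the commit message names only WSA-2020-0008 and does not say that the already published DSA-4739-1 is amended here to include CVE-2020-9952. The change itself agrees with the data/CVE/list entry (fixed in 2.28.3-1, and the DSA shipped 2.28.4-1~deb10u1), so a one-line mention in the commit message would be enough.
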


=====================================
data/dsa-needed.txt
=====================================
@@ -31,6 +31,8 @@ pdns-recursor
 --
 salt
 --
+webkit2gtk
+--
 xcftools
   Hugo proposed to work on this update
 --
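
Review bot: the new `webkit2gtk` entry carries no annotation line, unlike `xcftools` directly below it. Since this commit also records CVE-2020-9952 as already covered by DSA-4739-1, a short note listing which of the WSA-2020-0008 CVEs still need a buster update would save the next person from re-deriving it.
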



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc75e396a8945297b3f9e00adeb620e08560b32c
