[Git][security-tracker-team/security-tracker][master] new webkit issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69c51299 by Moritz Muehlenhoff at 2021-12-21T13:11:57+01:00
new webkit issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -39511,19 +39511,34 @@ CVE-2021-30892 (An inherited permissions issue was addressed with additional res
 CVE-2021-30891
 	REJECTED
 CVE-2021-30890 (A logic issue was addressed with improved state management. This issue ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.34.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
 CVE-2021-30889 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.34.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.1-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
 CVE-2021-30888 (An information leakage issue was addressed. This issue is fixed in iOS ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.34.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.1-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
 CVE-2021-30887 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.34.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
 CVE-2021-30886 (A use after free issue was addressed with improved memory management.  ...)
 	NOT-FOR-US: Apple
 CVE-2021-30885
 	REJECTED
 CVE-2021-30884 (The issue was resolved with additional restrictions on CSS compositing ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.34.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.1-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
 CVE-2021-30883 (A memory corruption issue was addressed with improved memory handling. ...)
 	NOT-FOR-US: Apple
 CVE-2021-30882 (A logic issue was addressed with improved validation. This issue is fi ...)
@@ -39641,7 +39656,10 @@ CVE-2021-30838 (A memory corruption issue was addressed with improved memory han
 CVE-2021-30837 (A memory consumption issue was addressed with improved memory handling ...)
 	NOT-FOR-US: Apple
 CVE-2021-30836 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.32.4-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.4-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
 CVE-2021-30835 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
 CVE-2021-30834 (A logic issue was addressed with improved state management. This issue ...)
@@ -39667,7 +39685,10 @@ CVE-2021-30825 (This issue was addressed with improved checks. This issue is fix
 CVE-2021-30824 (A memory corruption issue was addressed with improved state management ...)
 	NOT-FOR-US: Apple
 CVE-2021-30823 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.34.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.1-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
 CVE-2021-30822
 	RESERVED
 CVE-2021-30821 (A memory corruption issue was addressed with improved memory handling. ...)
@@ -39677,7 +39698,10 @@ CVE-2021-30820 (A logic issue was addressed with improved state management. This
 CVE-2021-30819 (An out-of-bounds read was addressed with improved input validation. Th ...)
 	NOT-FOR-US: Apple
 CVE-2021-30818 (A type confusion issue was addressed with improved state handling. Thi ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.34.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.1-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
 CVE-2021-30817 (A permissions issue was addressed with improved validation. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2021-30816 (The issue was addressed with improved permissions logic. This issue is ...)
@@ -39695,7 +39719,10 @@ CVE-2021-30811 (This issue was addressed with improved checks. This issue is fix
 CVE-2021-30810 (An authorization issue was addressed with improved state management. T ...)
 	NOT-FOR-US: Apple
 CVE-2021-30809 (A use after free issue was addressed with improved memory management.  ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.32.4-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.4-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
 CVE-2021-30808 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
 CVE-2021-30807 (A memory corruption issue was addressed with improved memory handling. ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -65,6 +65,10 @@ trafficserver (jmm)
 --
 varnish
 --
+webkit2gtk
+--
+wpewebkit/stable
+--
 xorg-server (carnil)
   Maintainer preparing updates
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69c51299dea51ac6a165ae6fa21f658bcc89481c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69c51299dea51ac6a165ae6fa21f658bcc89481c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211221/b3345db9/attachment.htm>