[Git][security-tracker-team/security-tracker][master] webkit2gtk upstream advisory WSA-2021-0004

Alberto Garcia (@berto) berto at debian.org
Tue Jul 27 10:05:20 BST 2021



Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44661813 by Alberto Garcia at 2021-07-27T11:04:58+02:00
webkit2gtk upstream advisory WSA-2021-0004

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -15691,14 +15691,26 @@ CVE-2021-30800
 	RESERVED
 CVE-2021-30799
 	RESERVED
+	- webkit2gtk 2.32.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30798
 	RESERVED
 CVE-2021-30797
 	RESERVED
+	- webkit2gtk 2.32.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30796
 	RESERVED
 CVE-2021-30795
 	RESERVED
+	- webkit2gtk 2.32.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30794
 	RESERVED
 CVE-2021-30793
@@ -15765,14 +15777,26 @@ CVE-2021-30763
 	RESERVED
 CVE-2021-30762
 	RESERVED
+	- webkit2gtk 2.28.0-2
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.28.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30761
 	RESERVED
+	- webkit2gtk 2.26.1-2
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.26.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30760
 	RESERVED
 CVE-2021-30759
 	RESERVED
 CVE-2021-30758
 	RESERVED
+	- webkit2gtk 2.32.2-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.2-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30757
 	RESERVED
 CVE-2021-30756
@@ -15791,6 +15815,10 @@ CVE-2021-30750
 	RESERVED
 CVE-2021-30749
 	RESERVED
+	- webkit2gtk 2.32.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30748
 	RESERVED
 CVE-2021-30747
@@ -15801,6 +15829,10 @@ CVE-2021-30745
 	RESERVED
 CVE-2021-30744
 	RESERVED
+	- webkit2gtk 2.32.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30743
 	RESERVED
 CVE-2021-30742
@@ -15821,6 +15853,10 @@ CVE-2021-30735
 	RESERVED
 CVE-2021-30734
 	RESERVED
+	- webkit2gtk 2.32.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30733
 	RESERVED
 CVE-2021-30732
@@ -15849,6 +15885,10 @@ CVE-2021-30721
 	RESERVED
 CVE-2021-30720
 	RESERVED
+	- webkit2gtk 2.32.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30719
 	RESERVED
 CVE-2021-30718
@@ -15911,6 +15951,10 @@ CVE-2021-30690
 	RESERVED
 CVE-2021-30689
 	RESERVED
+	- webkit2gtk 2.32.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30688
 	RESERVED
 CVE-2021-30687
@@ -15925,6 +15969,10 @@ CVE-2021-30683
 	RESERVED
 CVE-2021-30682
 	RESERVED
+	- webkit2gtk 2.32.0-2
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.0-2
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30681
 	RESERVED
 CVE-2021-30680
@@ -15957,16 +16005,32 @@ CVE-2021-30667
 	RESERVED
 CVE-2021-30666
 	RESERVED
+	- webkit2gtk 2.26.1-2
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.26.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30665
 	RESERVED
+	- webkit2gtk 2.32.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30664
 	RESERVED
 CVE-2021-30663
 	RESERVED
+	- webkit2gtk 2.32.3-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.32.3-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30662
 	RESERVED
 CVE-2021-30661
 	RESERVED
+	- webkit2gtk 2.30.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.30.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-30660
 	RESERVED
 CVE-2021-30659
@@ -37389,11 +37453,11 @@ CVE-2021-21781
 CVE-2021-21780
 	RESERVED
 CVE-2021-21779 (A use-after-free vulnerability exists in the way Webkit’s Graphi ...)
-	- webkit2gtk <unfixed>
+	- webkit2gtk 2.32.3-1
 	[bullseye] - webkit2gtk <postponed> (Fix along with next update round)
 	[buster] - webkit2gtk <postponed> (Fix along with next update round)
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
-	- wpewebkit <unfixed>
+	- wpewebkit 2.32.3-1
 	[bullseye] - wpewebkit <postponed> (Minor issue, fix along with next update)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238
 CVE-2021-21778
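Review bot: The CVE-2021-21779 entry gets fixed versions for webkit2gtk and wpewebkit here but no `NOTE: https://webkitgtk.org/security/WSA-2021-0004.html` line, unlike every RESERVED entry touched by this commit; the only reference left is the Talos report. If the 2.32.3-1 fix comes from WSA-2021-0004, as the commit title indicates, add the WSA note next to the existing Talos NOTE so the advisory cross-reference is consistent.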
@@ -37403,11 +37467,11 @@ CVE-2021-21777 (An information disclosure vulnerability exists in the Ethernet/I
 CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format Buffer S ...)
 	NOT-FOR-US: ImageGear
 CVE-2021-21775 (A use-after-free vulnerability exists in the way certain events are pr ...)
-	- webkit2gtk <unfixed>
+	- webkit2gtk 2.32.3-1
 	[bullseye] - webkit2gtk <postponed> (Fix along with next update round)
 	[buster] - webkit2gtk <postponed> (Fix along with next update round)
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
-	- wpewebkit <unfixed>
+	- wpewebkit 2.32.3-1
 	[bullseye] - wpewebkit <postponed> (Minor issue, fix along with next update)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229
 CVE-2021-21774
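Review bot: The `[bullseye]` and `[buster]` lines for CVE-2021-21775 stay at `<postponed> (Fix along with next update round)` although the unstable fix is now recorded as 2.32.3-1 and this same commit adds webkit2gtk to data/dsa-needed.txt. Please confirm these postponed annotations will be resolved by that update so they do not linger once the DSA is issued; the same applies to the CVE-2021-21779 entry in the previous hunk.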
@@ -45845,8 +45909,16 @@ CVE-2021-1827
 	RESERVED
 CVE-2021-1826
 	RESERVED
+	- webkit2gtk 2.30.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.30.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-1825
 	RESERVED
+	- webkit2gtk 2.30.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.30.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-1824
 	RESERVED
 CVE-2021-1823
@@ -45857,12 +45929,20 @@ CVE-2021-1821
 	RESERVED
 CVE-2021-1820
 	RESERVED
+	- webkit2gtk 2.30.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.30.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-1819
 	RESERVED
 CVE-2021-1818 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2021-1817
 	RESERVED
+	- webkit2gtk 2.30.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.30.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
 CVE-2021-1816
 	RESERVED
 CVE-2021-1815


=====================================
data/DSA/list
=====================================
@@ -62,7 +62,7 @@
 	{CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620}
 	[buster] - squid 4.6-1+deb10u6
 [30 May 2021] DSA-4923-1 webkit2gtk - security update
-	{CVE-2021-1788 CVE-2021-1844 CVE-2021-1871}
+	{CVE-2021-1788 CVE-2021-1844 CVE-2021-1871 CVE-2021-30682}
 	[buster] - webkit2gtk 2.32.1-1~deb10u1
 [29 May 2021] DSA-4922-1 hyperkitty - security update
 	{CVE-2021-33038}
@@ -199,7 +199,7 @@
 	{CVE-2021-27291}
 	[buster] - pygments 2.3.1+dfsg-1+deb10u2
 [27 Mar 2021] DSA-4877-1 webkit2gtk - security update
-	{CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1870 CVE-2021-21806}
+	{CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1870 CVE-2021-21806 CVE-2021-21806}
 	[buster] - webkit2gtk 2.30.6-1~deb10u1
 [25 Mar 2021] DSA-4876-1 thunderbird - security update
 	{CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-29950}
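Review bot: In the DSA-4877-1 line, the added id `CVE-2021-21806` is already the last entry of the list, so the new line ends in `CVE-2021-21806 CVE-2021-21806` and adds no new CVE. Either a different id was intended (check against WSA-2021-0004) or this hunk should be dropped. The other DSA/list hunks each append ids that also get entries in data/CVE/list in this commit, and this one has no counterpart there.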
@@ -450,7 +450,7 @@
 	{CVE-2020-28984}
 	[buster] - spip 3.2.4-1+deb10u3
 [23 Nov 2020] DSA-4797-1 webkit2gtk - security update
-	{CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13543 CVE-2020-13584}
+	{CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13543 CVE-2020-13584 CVE-2021-1817 CVE-2021-1820 CVE-2021-1825 CVE-2021-1826 CVE-2021-30661}
 	[buster] - webkit2gtk 2.30.3-1~deb10u1
 [21 Nov 2020] DSA-4796-1 thunderbird - security update
 	{CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26968}
@@ -824,7 +824,7 @@
 	{CVE-2020-11651 CVE-2020-11652}
 	[stretch] - salt 2016.11.2+ds-1+deb9u4
 [07 May 2020] DSA-4681-1 webkit2gtk - security update
-	{CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902}
+	{CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2021-30762}
 	[buster] - webkit2gtk 2.28.2-2~deb10u1
 [06 May 2020] DSA-4680-1 tomcat9 - security update
 	{CVE-2019-10072 CVE-2019-12418 CVE-2019-17563 CVE-2019-17569 CVE-2020-1935 CVE-2020-1938}
@@ -1266,7 +1266,7 @@
 	[stretch] - proftpd-dfsg 1.3.5b-4+deb9u2
 	[buster] - proftpd-dfsg 1.3.6-4+deb10u2
 [04 Nov 2019] DSA-4558-1 webkit2gtk - security update
-	{CVE-2019-8625 CVE-2019-8720 CVE-2019-8769 CVE-2019-8771 CVE-2019-8710 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2019-8783 CVE-2019-8811 CVE-2019-8813 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823}
+	{CVE-2019-8625 CVE-2019-8720 CVE-2019-8769 CVE-2019-8771 CVE-2019-8710 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2019-8783 CVE-2019-8811 CVE-2019-8813 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2021-30666 CVE-2021-30761}
 	[buster] - webkit2gtk 2.26.1-3~deb10u1
 [31 Oct 2019] DSA-4557-1 libarchive - security update
 	{CVE-2019-18408}


=====================================
data/dsa-needed.txt
=====================================
@@ -49,3 +49,5 @@ trafficserver (jmm)
 --
 varnish
 --
+webkit2gtk
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44661813797f6c9405d5b26d98cbb54bd825e173
