[Git][security-tracker-team/security-tracker][master] webkit2gtk upstream advisory WSA-2021-0002

Alberto Garcia berto at debian.org
Mon Mar 22 20:56:34 GMT 2021



Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f728f17c by Alberto Garcia at 2021-03-22T21:55:00+01:00
webkit2gtk upstream advisory WSA-2021-0002

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -24248,6 +24248,10 @@ CVE-2021-1871
 	RESERVED
 CVE-2021-1870
 	RESERVED
+	- webkit2gtk 2.30.6-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.30.6-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
 CVE-2021-1869
 	RESERVED
 CVE-2021-1868
@@ -24386,10 +24390,18 @@ CVE-2021-1802
 	RESERVED
 CVE-2021-1801
 	RESERVED
+	- webkit2gtk 2.30.6-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.30.6-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
 CVE-2021-1800
 	RESERVED
 CVE-2021-1799
 	RESERVED
+	- webkit2gtk 2.30.6-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.30.6-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
 CVE-2021-1798
 	RESERVED
 CVE-2021-1797
@@ -24410,6 +24422,10 @@ CVE-2021-1790
 	RESERVED
 CVE-2021-1789
 	RESERVED
+	- webkit2gtk 2.30.6-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.30.6-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
 CVE-2021-1788
 	RESERVED
 CVE-2021-1787
@@ -24458,6 +24474,10 @@ CVE-2021-1766
 	RESERVED
 CVE-2021-1765
 	RESERVED
+	- webkit2gtk 2.30.6-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.30.6-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
 CVE-2021-1764
 	RESERVED
 CVE-2021-1763
@@ -24581,6 +24601,10 @@ CVE-2020-29624
 	RESERVED
 CVE-2020-29623
 	RESERVED
+	- webkit2gtk 2.30.6-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.30.6-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
 CVE-2020-29622
 	RESERVED
 CVE-2020-29621
@@ -31411,7 +31435,11 @@ CVE-2020-27920
 CVE-2020-27919
 	RESERVED
 CVE-2020-27918 (A use after free issue was addressed with improved memory management.  ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.30.6-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.30.6-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
 CVE-2020-27917 (A use after free issue was addressed with improved memory management.  ...)
 	NOT-FOR-US: Apple
 CVE-2020-27916 (An out-of-bounds write was addressed with improved input validation. T ...)
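
Review bot: the added "RESERVED" line under CVE-2020-27918 looks out of place, because the entry header already carries a published description ("A use after free issue was addressed ..."). Every other RESERVED line visible in this diff belongs to an entry with no description yet. Suggest dropping the "+	RESERVED" line and keeping only the package lines and the NOTE, so the entry does not read as both published and reserved.
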
@@ -75454,7 +75482,11 @@ CVE-2020-9948 (A type confusion issue was addressed with improved memory handlin
 	- wpewebkit 2.30.0-1
 	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
 CVE-2020-9947 (A use after free issue was addressed with improved memory management.  ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.30.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.30.0-1
+	NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
 CVE-2020-9946 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
 CVE-2020-9945 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
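
Review bot: the fixed versions recorded for CVE-2020-9947 (webkit2gtk 2.30.1-1, wpewebkit 2.30.0-1) are older than the 2.30.6-1 used for the other entries that cite WSA-2021-0002, and nothing in the entry explains why. A second NOTE stating that the fix shipped in the earlier release and was only credited in the later advisory would save the next reader from suspecting a typo. The added "RESERVED" line also sits under a header that already has a description; consider dropping it.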


=====================================
data/DSA/list
=====================================
@@ -235,7 +235,7 @@
 	{CVE-2020-28984}
 	[buster] - spip 3.2.4-1+deb10u3
 [23 Nov 2020] DSA-4797-1 webkit2gtk - security update
-	{CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13543 CVE-2020-13584}
+	{CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13543 CVE-2020-13584}
 	[buster] - webkit2gtk 2.30.3-1~deb10u1
 [21 Nov 2020] DSA-4796-1 thunderbird - security update
 	{CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26968}
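
Review bot: this retroactive change to DSA-4797-1 (23 Nov 2020) is not mentioned in the commit message, which names only WSA-2021-0002; one line there saying that CVE-2020-9947 is being added to the existing DSA would make the history easier to follow. The change itself is consistent with data/CVE/list, where the fix is recorded as webkit2gtk 2.30.1-1, which is below the 2.30.3-1~deb10u1 that this DSA shipped to buster.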


=====================================
data/dsa-needed.txt
=====================================
@@ -38,6 +38,8 @@ squid (jmm)
 --
 tomcat9
 --
+webkit2gtk
+--
 xen (jmm)
   will be held back to sync with next kernel update
 --
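
Review bot: the new webkit2gtk entry has no note line saying what the update is for, unlike the xen entry just below it ("will be held back to sync with next kernel update"). An indented line naming WSA-2021-0002 or the target version 2.30.6 would tell whoever picks this up which upload is expected.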



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f728f17ce8f72001c16b5bfe01718d77ca3023fa
