[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2022-0004

Alberto Garcia (@berto) berto at debian.org
Fri Apr 8 15:31:33 BST 2022



Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dcfe145f by Alberto Garcia at 2022-04-08T16:31:06+02:00
webkit2gtk / wpewebkit upstream advisory WSA-2022-0004

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18345,8 +18345,12 @@ CVE-2022-22639 (A logic issue was addressed with improved state management. This
 	NOT-FOR-US: Apple
 CVE-2022-22638 (A null pointer dereference was addressed with improved validation. Thi ...)
 	NOT-FOR-US: Apple
-CVE-2022-22637
+CVE-2022-22637 [A logic issue was addressed with improved state management]
 	RESERVED
+	- webkit2gtk 2.34.4-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.4-1
+	NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
 CVE-2022-22636 (An out-of-bounds write issue was addressed with improved bounds checki ...)
 	NOT-FOR-US: Apple
 CVE-2022-22635 (An out-of-bounds write issue was addressed with improved bounds checki ...)
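Review bot: the new CVE-2022-22637 entry carries no [buster] or [bullseye] lines, so its stable fix status rests entirely on the DSA-5060-1 and DSA-5061-1 brace lists in data/DSA/list, which this commit also edits. The two changes need to land together, and the unannotated version given here (2.34.4-1) should be checked against the 2.34.4-1~deb10u1 and 2.34.4-1~deb11u1 versions listed there. The [stretch] line covers webkit2gtk only; if wpewebkit needs no stretch annotation, a word in the commit message would save the next reader from checking.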
@@ -18361,18 +18365,30 @@ CVE-2022-22631 (An out-of-bounds write issue was addressed with improved bounds
 	NOT-FOR-US: Apple
 CVE-2022-22630
 	RESERVED
-CVE-2022-22629
+CVE-2022-22629 [A buffer overflow issue was addressed with improved memory handling]
 	RESERVED
-CVE-2022-22628
+	- webkit2gtk 2.36.0-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.36.0-2
+	NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
+CVE-2022-22628 [A use after free issue was addressed with improved memory management]
 	RESERVED
+	- webkit2gtk 2.36.0-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.36.0-2
+	NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
 CVE-2022-22627 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2022-22626 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2022-22625 (An out-of-bounds read was addressed with improved input validation. Th ...)
 	NOT-FOR-US: Apple
-CVE-2022-22624
+CVE-2022-22624 [A use after free issue was addressed with improved memory management]
 	RESERVED
+	- webkit2gtk 2.36.0-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.36.0-2
+	NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
 CVE-2022-22623 (Multiple issues were addressed by updating to curl version 7.79.1. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2022-22622 (This issue was addressed with improved checks. This issue is fixed in  ...)
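Review bot: wpewebkit is recorded as fixed in 2.36.0-2 for CVE-2022-22629, CVE-2022-22628 and CVE-2022-22624, while webkit2gtk uses 2.36.0-1. For CVE-2022-22637 both packages share 2.34.4-1, so confirm that -2 is the first wpewebkit upload carrying 2.36.0 and not a typo repeated three times. No DSA touched by this commit references these three CVEs, so apart from the stretch <ignored> line the stable suites stay open for them; that looks intended but is worth stating in the commit message.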


=====================================
data/DSA/list
=====================================
@@ -197,10 +197,10 @@
 	[buster] - nss 2:3.42.1-1+deb10u5
 	[bullseye] - nss 2:3.61-1+deb11u2
 [25 Jan 2022] DSA-5061-1 wpewebkit - security update
-	{CVE-2022-22594 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984}
+	{CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2022-22594 CVE-2022-22637}
 	[bullseye] - wpewebkit 2.34.4-1~deb11u1
 [25 Jan 2022] DSA-5060-1 webkit2gtk - security update
-	{CVE-2022-22594 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984}
+	{CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2022-22594 CVE-2022-22637}
 	[buster] - webkit2gtk 2.34.4-1~deb10u1
 	[bullseye] - webkit2gtk 2.34.4-1~deb11u1
 [25 Jan 2022] DSA-5059-1 policykit-1 - security update
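Review bot: in both brace lists the only substantive change is the added CVE-2022-22637, but CVE-2022-22594 is also moved from the front to after CVE-2021-30984, which hides the addition inside a reordered line. Splitting the re-sort from the addition, or mentioning the re-sort in the commit message, would make the change easier to audit. The commit subject names only WSA-2022-0004, so it is also worth noting there that CVE-2022-22637 is being attached retroactively to DSA-5061-1 and DSA-5060-1, both dated 25 Jan 2022.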



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcfe145f41bba1403a45780c866f315df4a92ecb
