[Git][security-tracker-team/security-tracker][master] Update information from WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 28 06:54:19 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2e770ba8 by Salvatore Bonaccorso at 2022-12-28T07:53:44+01:00
Update information from WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5224,11 +5224,17 @@ CVE-2022-46702 (The issue was addressed with improved memory handling. This issu
CVE-2022-46701 (The issue was addressed with improved bounds checks. This issue is fix ...)
NOT-FOR-US: Apple
CVE-2022-46700 (A memory corruption issue was addressed with improved input validation ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.38.3-1
+ - wpewebkit 2.38.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-46699 (A memory corruption issue was addressed with improved state management ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.38.3-1
+ - wpewebkit 2.38.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-46698 (A logic issue was addressed with improved checks. This issue is fixed ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.38.3-1
+ - wpewebkit 2.38.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-46697 (An out-of-bounds access issue was addressed with improved bounds check ...)
NOT-FOR-US: Apple
CVE-2022-46696 (A memory corruption issue was addressed with improved input validation ...)
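Review bot: The three entries changed in this hunk (CVE-2022-46700, CVE-2022-46699, CVE-2022-46698) carry only an unsuffixed fixed version of 2.38.3-1 for webkit2gtk and wpewebkit, and none of the data/DSA/list or data/DLA/list hunks in this commit reference them. The newest suite uploads visible in those files are 2.38.2-1~deb11u1 and 2.38.2-1~deb10u1, which sort below 2.38.3-1, so bullseye and buster stay open for these CVEs after this commit. If that is the intended state pending new advisories, it is fine as is; otherwise the advisory entries belong in the same change.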
@@ -5240,9 +5246,13 @@ CVE-2022-46694 (An out-of-bounds write issue was addressed with improved input v
CVE-2022-46693 (An out-of-bounds write issue was addressed with improved input validat ...)
NOT-FOR-US: Apple
CVE-2022-46692 (A logic issue was addressed with improved state management. This issue ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.38.3-1
+ - wpewebkit 2.38.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-46691 (A memory consumption issue was addressed with improved memory handling ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.38.1-1
+ - wpewebkit 2.38.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-46690 (An out-of-bounds write issue was addressed with improved input validat ...)
NOT-FOR-US: Apple
CVE-2022-46689 (A race condition was addressed with additional validation. This issue ...)
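Review bot: CVE-2022-46691 is recorded as fixed in 2.38.1-1 while CVE-2022-46692 directly above it, under the same WSA-2022-0011 NOTE, uses 2.38.3-1. The earlier version fits the rest of the commit, which attaches CVE-2022-46691 to the 2.38.2-based DSA-5273-1, DSA-5274-1 and DLA-3183-1, but please confirm that 2.38.1-1 is an actual upload of both webkit2gtk and wpewebkit and not just the upstream release number with "-1" appended.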
@@ -18905,7 +18915,9 @@ CVE-2022-3459
CVE-2022-3458 (A vulnerability has been found in SourceCodester Human Resource Manage ...)
NOT-FOR-US: SourceCodester
CVE-2022-42867 (A use after free issue was addressed with improved memory management. ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.38.3-1
+ - wpewebkit 2.38.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-42866 (The issue was addressed with improved handling of caches. This issue i ...)
NOT-FOR-US: Apple
CVE-2022-42865 (This issue was addressed by enabling hardened runtime. This issue is f ...)
@@ -18913,7 +18925,9 @@ CVE-2022-42865 (This issue was addressed by enabling hardened runtime. This issu
CVE-2022-42864 (A race condition was addressed with improved state handling. This issu ...)
NOT-FOR-US: Apple
CVE-2022-42863 (A memory corruption issue was addressed with improved state management ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.38.0-1
+ - wpewebkit 2.38.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-42862 (This issue was addressed by removing the vulnerable code. This issue i ...)
NOT-FOR-US: Apple
CVE-2022-42861 (This issue was addressed with improved checks. This issue is fixed in ...)
@@ -18927,7 +18941,9 @@ CVE-2022-42858
CVE-2022-42857
RESERVED
CVE-2022-42856 (A type confusion issue was addressed with improved state handling. Thi ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.38.3-1
+ - wpewebkit 2.38.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-42855 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2022-42854 (The issue was addressed with improved memory handling. This issue is f ...)
@@ -18935,7 +18951,9 @@ CVE-2022-42854 (The issue was addressed with improved memory handling. This issu
CVE-2022-42853 (An access issue was addressed with improved access restrictions. This ...)
NOT-FOR-US: Apple
CVE-2022-42852 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.38.3-1
+ - wpewebkit 2.38.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0011.html
CVE-2022-42851 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2022-42850 (The issue was addressed with improved memory handling. This issue is f ...)
=====================================
data/DLA/list
=====================================
@@ -199,7 +199,7 @@
{CVE-2022-40149}
[buster] - libjettison-java 1.4.0-1+deb10u1
[09 Nov 2022] DLA-3183-1 webkit2gtk - security update
- {CVE-2022-42799 CVE-2022-42823 CVE-2022-42824}
+ {CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVE-2022-46691}
[buster] - webkit2gtk 2.38.2-1~deb10u1
[08 Nov 2022] DLA-3182-1 vim - security update
{CVE-2021-3927 CVE-2021-3928 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4192 CVE-2021-4193 CVE-2022-0213 CVE-2022-0261 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0408 CVE-2022-0413 CVE-2022-0417 CVE-2022-0443 CVE-2022-0554 CVE-2022-0572 CVE-2022-0685 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1154 CVE-2022-1616 CVE-2022-1720 CVE-2022-1851 CVE-2022-1898 CVE-2022-1968 CVE-2022-2285 CVE-2022-2304 CVE-2022-2598 CVE-2022-2946 CVE-2022-3099 CVE-2022-3134 CVE-2022-3234 CVE-2022-3324 CVE-2022-3705 CVE-2021-3872}
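Review bot: The commit message does not mention that an already published advisory is being amended: the changed line adds CVE-2022-46691 to DLA-3183-1, dated 09 Nov 2022. The version check holds (2.38.2-1~deb10u1 is later than the 2.38.1-1 recorded in data/CVE/list), so the data looks right, but a line in the commit message saying that existing DSA/DLA entries are extended retroactively based on WSA-2022-0011 would make the history easier to audit.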
@@ -370,7 +370,7 @@
{CVE-2020-25708 CVE-2020-29260}
[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u5
[29 Sep 2022] DLA-3124-1 webkit2gtk - security update
- {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923}
+ {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
[buster] - webkit2gtk 2.38.0-1~deb10u1
[27 Sep 2022] DLA-3123-1 thunderbird - security update
{CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}
=====================================
data/DSA/list
=====================================
@@ -96,10 +96,10 @@
{CVE-2022-3885 CVE-2022-3886 CVE-2022-3887 CVE-2022-3888 CVE-2022-3889 CVE-2022-3890}
[bullseye] - chromium 107.0.5304.110-1~deb11u1
[08 Nov 2022] DSA-5274-1 wpewebkit - security update
- {CVE-2022-42799 CVE-2022-42823 CVE-2022-42824}
+ {CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVE-2022-46691}
[bullseye] - wpewebkit 2.38.2-1~deb11u1
[08 Nov 2022] DSA-5273-1 webkit2gtk - security update
- {CVE-2022-42799 CVE-2022-42823 CVE-2022-42824}
+ {CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVE-2022-46691}
[bullseye] - webkit2gtk 2.38.2-1~deb11u1
[06 Nov 2022] DSA-5272-1 xen - security update
{CVE-2022-33745 CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42324 CVE-2022-42325 CVE-2022-42326}
@@ -196,10 +196,10 @@
{CVE-2022-29599}
[bullseye] - maven-shared-utils 3.3.0-1+deb11u1
[28 Sep 2022] DSA-5241-1 wpewebkit - security update
- {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923}
+ {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
[bullseye] - wpewebkit 2.38.0-1~deb11u1
[28 Sep 2022] DSA-5240-1 webkit2gtk - security update
- {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923}
+ {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
[bullseye] - webkit2gtk 2.38.0-1~deb11u1
[27 Sep 2022] DSA-5239-1 gdal - security update
{CVE-2021-45943}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e770ba84c768bce5bfb1f48db174b5d3dab3faf