[Git][security-tracker-team/security-tracker][master] webkit2gtk upstream advisory WSA-2022-0001
Alberto Garcia (@berto)
berto at debian.org
Sat Jan 22 23:22:02 GMT 2022
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2d6be0bc by Alberto Garcia at 2022-01-23T00:21:13+01:00
webkit2gtk upstream advisory WSA-2022-0001
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -47093,7 +47093,11 @@ CVE-2021-30986 (A device configuration issue was addressed with an updated confi
CVE-2021-30985 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
CVE-2021-30984 (A race condition was addressed with improved state handling. This issu ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
CVE-2021-30983 (A buffer overflow issue was addressed with improved memory handling. T ...)
NOT-FOR-US: Apple
CVE-2021-30982 (A race condition was addressed with improved locking. This issue is fi ...)
@@ -47153,13 +47157,29 @@ CVE-2021-30956
CVE-2021-30955 (A race condition was addressed with improved state handling. This issu ...)
NOT-FOR-US: Apple
CVE-2021-30954 (A type confusion issue was addressed with improved memory handling. Th ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
CVE-2021-30953 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
CVE-2021-30952 (An integer overflow was addressed with improved input validation. This ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
CVE-2021-30951 (A use after free issue was addressed with improved memory management. ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
CVE-2021-30950 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2021-30949 (A memory corruption issue was addressed with improved state management ...)
@@ -47189,11 +47209,19 @@ CVE-2021-30938 (This issue was addressed with improved checks. This issue is fix
CVE-2021-30937 (A memory corruption vulnerability was addressed with improved locking. ...)
NOT-FOR-US: Apple
CVE-2021-30936 (A use after free issue was addressed with improved memory management. ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
CVE-2021-30935 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handling. T ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
CVE-2021-30933
REJECTED
CVE-2021-30932 (The issue was addressed with improved permissions logic. This issue is ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -63,3 +63,7 @@ uriparser
--
varnish (fw)
--
+webkit2gtk
+--
+wpewebkit
+--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d6be0bc9c4f173432bd549f4ff9e1e50b926e49
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d6be0bc9c4f173432bd549f4ff9e1e50b926e49
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220122/63534f9f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list