[Git][security-tracker-team/security-tracker][master] webkit2gtk upstream advisory WSA-2022-0001

Alberto Garcia (@berto) berto at debian.org
Sat Jan 22 23:22:02 GMT 2022



Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2d6be0bc by Alberto Garcia at 2022-01-23T00:21:13+01:00
webkit2gtk upstream advisory WSA-2022-0001

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -47093,7 +47093,11 @@ CVE-2021-30986 (A device configuration issue was addressed with an updated confi
 CVE-2021-30985 (An out-of-bounds write issue was addressed with improved bounds checki ...)
 	NOT-FOR-US: Apple
 CVE-2021-30984 (A race condition was addressed with improved state handling. This issu ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.34.4-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.4-1
+	NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
 CVE-2021-30983 (A buffer overflow issue was addressed with improved memory handling. T ...)
 	NOT-FOR-US: Apple
 CVE-2021-30982 (A race condition was addressed with improved locking. This issue is fi ...)
@@ -47153,13 +47157,29 @@ CVE-2021-30956
 CVE-2021-30955 (A race condition was addressed with improved state handling. This issu ...)
 	NOT-FOR-US: Apple
 CVE-2021-30954 (A type confusion issue was addressed with improved memory handling. Th ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.34.4-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.4-1
+	NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
 CVE-2021-30953 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.34.4-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.4-1
+	NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
 CVE-2021-30952 (An integer overflow was addressed with improved input validation. This ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.34.4-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.4-1
+	NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
 CVE-2021-30951 (A use after free issue was addressed with improved memory management.  ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.34.4-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.4-1
+	NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
 CVE-2021-30950 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2021-30949 (A memory corruption issue was addressed with improved state management ...)
@@ -47189,11 +47209,19 @@ CVE-2021-30938 (This issue was addressed with improved checks. This issue is fix
 CVE-2021-30937 (A memory corruption vulnerability was addressed with improved locking. ...)
 	NOT-FOR-US: Apple
 CVE-2021-30936 (A use after free issue was addressed with improved memory management.  ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.34.4-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.4-1
+	NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
 CVE-2021-30935 (A logic issue was addressed with improved validation. This issue is fi ...)
 	NOT-FOR-US: Apple
 CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.34.4-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.34.4-1
+	NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
 CVE-2021-30933
 	REJECTED
 CVE-2021-30932 (The issue was addressed with improved permissions logic. This issue is ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -63,3 +63,7 @@ uriparser
 --
 varnish (fw)
 --
+webkit2gtk
+--
+wpewebkit
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d6be0bc9c4f173432bd549f4ff9e1e50b926e49

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d6be0bc9c4f173432bd549f4ff9e1e50b926e49
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220122/63534f9f/attachment.htm>


More information about the debian-security-tracker-commits mailing list