[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2022-0006

[Alberto Garcia (@berto)]

Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2616bb6b by Alberto Garcia at 2022-07-06T11:46:15+02:00
webkit2gtk / wpewebkit upstream advisory WSA-2022-0006

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23761,6 +23761,10 @@ CVE-2022-26711 (An integer overflow issue was addressed with improved input vali
 	NOT-FOR-US: Apple
 CVE-2022-26710
 	RESERVED
+	- webkit2gtk 2.36.4-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.36.4-1
+	NOTE: https://webkitgtk.org/security/WSA-2022-0006.html
 CVE-2022-26709
 	RESERVED
 	{DSA-5155-1 DSA-5154-1}
@@ -37169,6 +37173,10 @@ CVE-2021-4200 (A Improper Privilege Management vulnerability in SUSE Rancher all
 	NOT-FOR-US: Rancher
 CVE-2022-22677
 	RESERVED
+	- webkit2gtk 2.36.4-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.36.4-1
+	NOTE: https://webkitgtk.org/security/WSA-2022-0006.html
 CVE-2022-22676 (An event handler validation issue in the XPC Services API was addresse ...)
 	NOT-FOR-US: Apple
 CVE-2022-22675 (An out-of-bounds write issue was addressed with improved bounds checki ...)
@@ -37198,7 +37206,11 @@ CVE-2022-22664 (An out-of-bounds read was addressed with improved bounds checkin
 CVE-2022-22663 (This issue was addressed with improved checks to prevent unauthorized  ...)
 	NOT-FOR-US: Apple
 CVE-2022-22662 (A cookie management issue was addressed with improved state management ...)
-	NOT-FOR-US: Apple
+	RESERVED
+	- webkit2gtk 2.36.0-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.36.0-2
+	NOTE: https://webkitgtk.org/security/WSA-2022-0006.html
 CVE-2022-22661 (A type confusion issue was addressed with improved state handling. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2022-22660 (This issue was addressed with a new entitlement. This issue is fixed i ...)


=====================================
data/DSA/list
=====================================
@@ -215,10 +215,10 @@
 	{CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361}
 	[bullseye] - xen 4.14.4+74-gd7b22226b5-1
 [08 Apr 2022] DSA-5116-1 wpewebkit - security update
-	{CVE-2022-22624 CVE-2022-22628 CVE-2022-22629}
+	{CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662}
 	[bullseye] - wpewebkit 2.36.0-2~deb11u1
 [08 Apr 2022] DSA-5115-1 webkit2gtk - security update
-	{CVE-2022-22624 CVE-2022-22628 CVE-2022-22629}
+	{CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662}
 	[buster] - webkit2gtk 2.36.0-3~deb10u1
 	[bullseye] - webkit2gtk 2.36.0-3~deb11u1
 [07 Apr 2022] DSA-5114-1 chromium - security update



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2616bb6b6088697365926aa4dc25b85bee6d521f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2616bb6b6088697365926aa4dc25b85bee6d521f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220706/56db5851/attachment-0001.htm>