[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit: CVE-2022-30293 and CVE-2022-30294

Alberto Garcia (@berto) berto at debian.org
Mon May 16 09:29:39 BST 2022 


Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8dfae6f6 by Alberto Garcia at 2022-05-16T10:29:09+02:00
webkit2gtk / wpewebkit: CVE-2022-30293 and CVE-2022-30294

Upstream security advisory pending

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1546,9 +1546,15 @@ CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predict
 	NOTE: https://mailman.openadk.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/thread/6JWRW3P4VN54J5FHUDK7IQOU4V35HHDZ/
 	NOTE: src:uclibc switched to the uClibc-ng source codebase with the 1.0.20-1 upload.
 CVE-2022-30294 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-fre ...)
-	TODO: check, Alberto Garcia is checking with upstream
+	RESERVED
+	- webkit2gtk 2.36.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.36.1-1
 CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based bu ...)
-	TODO: check, Alberto Garcia is checking with upstream
+	RESERVED
+	- webkit2gtk 2.36.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.36.1-1
 CVE-2022-29894
 	RESERVED
 CVE-2022-1602


=====================================
data/dsa-needed.txt
=====================================
@@ -63,3 +63,7 @@ waitress (jmm)
 --
 wordpress
 --
+webkit2gtk
+--
+wpewebkit
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dfae6f64f6488d5baf216eca3da5f3e56042e49

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dfae6f64f6488d5baf216eca3da5f3e56042e49
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220516/ebe98f6e/attachment.htm>

More information about the debian-security-tracker-commits mailing list