[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2023-0007

Alberto Garcia (@berto) berto at debian.org
Sat Aug 5 01:11:31 BST 2023



Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0acb0fe3 by Alberto Garcia at 2023-08-05T03:10:50+03:00
webkit2gtk / wpewebkit upstream advisory WSA-2023-0007

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -922,11 +922,17 @@ CVE-2023-38604 (An out-of-bounds write issue was addressed with improved input v
 CVE-2023-38601 (This issue was addressed by removing the vulnerable code. This issue i ...)
 	NOT-FOR-US: Apple
 CVE-2023-38599 (A logic issue was addressed with improved state management. This issue ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.40.5-1
+	- wpewebkit 2.40.5-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38598 (A use-after-free issue was addressed with improved memory management.  ...)
 	NOT-FOR-US: Apple
 CVE-2023-38592 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.40.5-1
+	- wpewebkit 2.40.5-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38590 (A buffer overflow issue was addressed with improved memory handling. T ...)
 	NOT-FOR-US: Apple
 CVE-2023-38571 (This issue was addressed with improved validation of symlinks. This is ...)
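Review bot: The `- wpewebkit 2.40.5-1` lines under CVE-2023-38599 and CVE-2023-38592 carry exactly the same version string as the webkit2gtk lines directly above them. Please confirm against the wpewebkit changelog that its fixed upload really is 2.40.5-1 and not a value carried over from the webkit2gtk line, since the tracker decides which suites are affected by comparing against this version.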
@@ -1037,7 +1043,10 @@ CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to unautho
 CVE-2023-3451
 	REJECTED
 CVE-2023-38611 (The issue was addressed with improved memory handling. This issue is f ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.40.5-1
+	- wpewebkit 2.40.5-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38608 (The issue was addressed with additional permissions checks. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2023-38606 (This issue was addressed with improved state management. This issue is ...)
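Review bot: The NOTE added under CVE-2023-38611 points only at the WSA-2023-0007 advisory page, which is the same URL for every entry in this commit. For a memory-handling issue like this one, a second NOTE with the upstream bug or fix commit, where one is public, would let whoever prepares the stable update find the patch without going through the advisory.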
@@ -1047,19 +1056,34 @@ CVE-2023-38603 (The issue was addressed with improved checks. This issue is fixe
 CVE-2023-38602 (A permissions issue was addressed with additional restrictions. This i ...)
 	NOT-FOR-US: Apple
 CVE-2023-38600 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.40.5-1
+	- wpewebkit 2.40.5-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38597 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.40.5-1
+	- wpewebkit 2.40.5-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38595 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.40.5-1
+	- wpewebkit 2.40.5-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38594 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.40.5-1
+	- wpewebkit 2.40.5-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38593 (A logic issue was addressed with improved checks. This issue is fixed  ...)
 	NOT-FOR-US: Apple
 CVE-2023-38580 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2023-38572 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.40.5-1
+	- wpewebkit 2.40.5-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38565 (A path handling issue was addressed with improved validation. This iss ...)
 	NOT-FOR-US: Apple
 CVE-2023-38564 (The issue was addressed with improved checks. This issue is fixed in m ...)
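Review bot: CVE-2023-38593 and CVE-2023-38580 stay at `NOT-FOR-US: Apple` in the middle of six entries that this hunk re-triages to webkit2gtk / wpewebkit. The truncated descriptions do not show which component each CVE belongs to, so please cross-check the CVE list in WSA-2023-0007 to confirm the hunk covers exactly the identifiers the advisory names and that these two are correctly left out.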
@@ -1084,7 +1108,10 @@ CVE-2023-38258 (The issue was addressed with improved checks. This issue is fixe
 CVE-2023-38136 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2023-38133 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.40.5-1
+	- wpewebkit 2.40.5-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-37732 (Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm ...)
 	- yasm <unfixed> (unimportant)
 	NOTE: https://github.com/yasm/yasm/issues/233
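Review bot: The `[bookworm] - wpewebkit <ignored>` line under CVE-2023-38133 gives a reason for bookworm only, and the entry says nothing about wpewebkit in oldstable. If oldstable is meant to be handled through the existing `wpewebkit/oldstable` item in data/dsa-needed.txt, that is consistent and needs no annotation; otherwise a matching release-tagged line should be added here and in the other entries that use the same block.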


=====================================
data/dsa-needed.txt
=====================================
@@ -92,6 +92,8 @@ thunderbird (jmm)
 --
 tiff
 --
+webkit2gtk
+--
 wpewebkit/oldstable
 --
 xrdp/oldstable
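Review bot: The new `webkit2gtk` item is added without a claimant, unlike `thunderbird (jmm)` visible in the hunk header. If someone is already preparing the update for WSA-2023-0007, add their name in parentheses so the work is not duplicated. The item also has no release suffix, unlike `wpewebkit/oldstable` just below it, so it reads as covering every supported suite; please confirm that is the intent.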



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0acb0fe383944b3baaa72cd20374e6f7a4d3391c
