[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2023-0007
Alberto Garcia (@berto)
berto at debian.org
Sat Aug 5 01:11:31 BST 2023
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0acb0fe3 by Alberto Garcia at 2023-08-05T03:10:50+03:00
webkit2gtk / wpewebkit upstream advisory WSA-2023-0007
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -922,11 +922,17 @@ CVE-2023-38604 (An out-of-bounds write issue was addressed with improved input v
CVE-2023-38601 (This issue was addressed by removing the vulnerable code. This issue i ...)
NOT-FOR-US: Apple
CVE-2023-38599 (A logic issue was addressed with improved state management. This issue ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.40.5-1
+ - wpewebkit 2.40.5-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38598 (A use-after-free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2023-38592 (A logic issue was addressed with improved restrictions. This issue is ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.40.5-1
+ - wpewebkit 2.40.5-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38590 (A buffer overflow issue was addressed with improved memory handling. T ...)
NOT-FOR-US: Apple
CVE-2023-38571 (This issue was addressed with improved validation of symlinks. This is ...)
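Review bot: The NOTE lines added for CVE-2023-38599 and CVE-2023-38592 point only at the WSA-2023-0007 advisory page, so neither entry records which upstream change fixes the issue. If a per-CVE upstream bug or commit reference is available, a second NOTE line with it would make later backport triage for the older suites easier. The fixed version 2.40.5-1 on its own does not identify the patch to cherry-pick.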
@@ -1037,7 +1043,10 @@ CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to unautho
CVE-2023-3451
REJECTED
CVE-2023-38611 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.40.5-1
+ - wpewebkit 2.40.5-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38608 (The issue was addressed with additional permissions checks. This issue ...)
NOT-FOR-US: Apple
CVE-2023-38606 (This issue was addressed with improved state management. This issue is ...)
@@ -1047,19 +1056,34 @@ CVE-2023-38603 (The issue was addressed with improved checks. This issue is fixe
CVE-2023-38602 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2023-38600 (The issue was addressed with improved checks. This issue is fixed in i ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.40.5-1
+ - wpewebkit 2.40.5-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38597 (The issue was addressed with improved checks. This issue is fixed in i ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.40.5-1
+ - wpewebkit 2.40.5-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38595 (The issue was addressed with improved checks. This issue is fixed in i ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.40.5-1
+ - wpewebkit 2.40.5-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38594 (The issue was addressed with improved checks. This issue is fixed in i ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.40.5-1
+ - wpewebkit 2.40.5-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38593 (A logic issue was addressed with improved checks. This issue is fixed ...)
NOT-FOR-US: Apple
CVE-2023-38580 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2023-38572 (The issue was addressed with improved checks. This issue is fixed in i ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.40.5-1
+ - wpewebkit 2.40.5-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38565 (A path handling issue was addressed with improved validation. This iss ...)
NOT-FOR-US: Apple
CVE-2023-38564 (The issue was addressed with improved checks. This issue is fixed in m ...)
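Review bot: CVE-2023-38593 and CVE-2023-38580 stay NOT-FOR-US in the middle of this block, while five neighbours with near-identical truncated descriptions (CVE-2023-38600, -38597, -38595, -38594, -38572) are reassigned to webkit2gtk and wpewebkit. The four added lines are the same for every entry, so a paste onto the wrong id would not stand out in the diff. It is worth checking the ids in this hunk one by one against the list in WSA-2023-0007 to confirm the two untouched entries are intentionally left as Apple-only.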
@@ -1084,7 +1108,10 @@ CVE-2023-38258 (The issue was addressed with improved checks. This issue is fixe
CVE-2023-38136 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2023-38133 (The issue was addressed with improved checks. This issue is fixed in i ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.40.5-1
+ - wpewebkit 2.40.5-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-37732 (Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm ...)
- yasm <unfixed> (unimportant)
NOTE: https://github.com/yasm/yasm/issues/233
=====================================
data/dsa-needed.txt
=====================================
@@ -92,6 +92,8 @@ thunderbird (jmm)
--
tiff
--
+webkit2gtk
+--
wpewebkit/oldstable
--
xrdp/oldstable
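Review bot: The new `webkit2gtk` line in data/dsa-needed.txt carries no suite qualifier and no claimant, unlike the neighbouring `wpewebkit/oldstable` and the `thunderbird (jmm)` entry visible in the hunk header. As written it reads as requesting an update for every supported suite. If that is intended, fine; otherwise qualify it. Since the data/CVE/list entries only record 2.40.5-1 with no per-suite webkit2gtk lines, this file is the only place in the commit where the pending stable work is tracked, so the scope should be unambiguous.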
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0acb0fe383944b3baaa72cd20374e6f7a4d3391c