[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2023-0011
Alberto Garcia (@berto)
berto at debian.org
Tue Dec 5 15:11:15 GMT 2023
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aac31cda by Alberto Garcia at 2023-12-05T16:10:49+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2023-0011
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -767,9 +767,19 @@ CVE-2023-43453 (An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.
CVE-2023-43089 (Dell Rugged Control Center, version prior to 4.7, contains insufficien ...)
NOT-FOR-US: Dell
CVE-2023-42917 (A memory corruption vulnerability was addressed with improved locking. ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.42.3-1
+ [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+ - wpewebkit 2.42.3-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0011.html
CVE-2023-42916 (An out-of-bounds read was addressed with improved input validation. Th ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.42.3-1
+ [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+ - wpewebkit 2.42.3-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0011.html
CVE-2023-3964 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2023-3949 (An issue has been discovered in GitLab affecting all versions starting ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -81,6 +81,8 @@ squid
--
varnish
--
+webkit2gtk (berto)
+--
zbar
unfixed upstream, initial aproaches are overly strict and cause zbar's tests to fail, some caution is in order
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aac31cdac61ad8393ff41b4ec09c9d1fb96320e2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aac31cdac61ad8393ff41b4ec09c9d1fb96320e2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231205/1760f1d7/attachment.htm>
More information about the debian-security-tracker-commits
mailing list