[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2023-0012
Alberto Garcia (@berto)
berto at debian.org
Mon Dec 18 11:39:20 GMT 2023
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4cf9ac89 by Alberto Garcia at 2023-12-18T12:38:42+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2023-0012
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1703,13 +1703,23 @@ CVE-2023-42894 (This issue was addressed with improved redaction of sensitive in
CVE-2023-42891 (An authentication issue was addressed with improved state management. ...)
NOT-FOR-US: Apple
CVE-2023-42890 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.42.0-1
+ [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+ - wpewebkit 2.42.0-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0012.html
CVE-2023-42886 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
CVE-2023-42884 (This issue was addressed with improved redaction of sensitive informat ...)
NOT-FOR-US: Apple
CVE-2023-42883 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.42.4-1
+ [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+ - wpewebkit 2.42.4-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0012.html
CVE-2023-42882 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2023-42874 (This issue was addressed with improved state management. This issue is ...)
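Review bot: In the CVE-2023-42883 entry, the webkit2gtk line records 2.42.4-1 as the fixed version and there is no [bookworm] or [bullseye] line for webkit2gtk, while data/DSA/list in this same commit shows both releases at 2.42.1-1~deb11u1 and 2.42.1-1~deb12u1, so the entry leaves them open until a new update lands. That matches the webkit2gtk addition to data/dsa-needed.txt. It is still worth confirming that 2.42.0-1 for CVE-2023-42890 and 2.42.4-1 for CVE-2023-42883 are both taken from the WSA-2023-0012 advisory linked in the NOTE lines, since the two entries cite the same advisory with different fixed versions.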
=====================================
data/DSA/list
=====================================
@@ -199,7 +199,7 @@
[12 Oct 2023] DSA-5522-2 tomcat9 - regression update
[bullseye] - tomcat9 9.0.43-2~deb11u8
[12 Oct 2023] DSA-5527-1 webkit2gtk - security update
- {CVE-2023-32359 CVE-2023-39928 CVE-2023-41074 CVE-2023-41993}
+ {CVE-2023-32359 CVE-2023-39928 CVE-2023-41074 CVE-2023-41993 CVE-2023-42890}
[bullseye] - webkit2gtk 2.42.1-1~deb11u1
[bookworm] - webkit2gtk 2.42.1-1~deb12u1
[12 Oct 2023] DSA-5526-1 chromium - security update
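Review bot: The commit message names only WSA-2023-0012 and does not say why CVE-2023-42890 is appended to DSA-5527-1, which is dated 12 Oct 2023. The change is consistent with the visible data (data/CVE/list records the fix in 2.42.0-1, and the DSA shipped 2.42.1-1~deb11u1 and 2.42.1-1~deb12u1), so one sentence in the commit message stating that the CVE was already covered by that update would make the retroactive edit easier to audit.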
=====================================
data/dsa-needed.txt
=====================================
@@ -93,6 +93,8 @@ squid
--
varnish
--
+webkit2gtk (berto)
+--
zbar
unfixed upstream, initial aproaches are overly strict and cause zbar's tests to fail, some caution is in order
--
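Review bot: The new "webkit2gtk (berto)" entry has no note line, unlike the zbar entry below it. Entries without notes are normal in this file (squid and varnish have none), but since this commit records CVE-2023-42883 as fixed only in 2.42.4-1, a short note naming that CVE or the target version would tell other team members what the pending update is for.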
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4cf9ac89ab8083805495c1e9e2e65918fb5e08f9