[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2023-0005
Alberto Garcia (@berto)
berto at debian.org
Thu Jun 29 16:19:17 BST 2023
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7b002770 by Alberto Garcia at 2023-06-29T17:17:55+02:00
webkit2gtk / wpewebkit upstream advisory WSA-2023-0005
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -563,7 +563,10 @@ CVE-2023-32580 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-32480 (Dell BIOS contains an Improper Input Validation vulnerability. An unau ...)
NOT-FOR-US: Dell
CVE-2023-32439 (A type confusion issue was addressed with improved checks. This issue ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.40.3-1
+ - wpewebkit 2.40.3-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0005.html
CVE-2023-32435 (A memory corruption issue was addressed with improved state management ...)
NOT-FOR-US: Apple
CVE-2023-32434 (An integer overflow was addressed with improved input validation. This ...)
=====================================
data/DSA/list
=====================================
@@ -149,7 +149,7 @@
{CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205}
[bullseye] - wpewebkit 2.38.6-1~deb11u1
[03 May 2023] DSA-5396-1 webkit2gtk - security update
- {CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205}
+ {CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205 CVE-2023-32435}
[bullseye] - webkit2gtk 2.40.1-1~deb11u1
[02 May 2023] DSA-5395-1 nodejs - security update
{CVE-2023-23920}
@@ -619,10 +619,10 @@
{CVE-2022-29599}
[bullseye] - maven-shared-utils 3.3.0-1+deb11u1
[28 Sep 2022] DSA-5241-1 wpewebkit - security update
- {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
+ {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2022-48503 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
[bullseye] - wpewebkit 2.38.0-1~deb11u1
[28 Sep 2022] DSA-5240-1 webkit2gtk - security update
- {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
+ {CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2022-48503 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
[bullseye] - webkit2gtk 2.38.0-1~deb11u1
[27 Sep 2022] DSA-5239-1 gdal - security update
{CVE-2021-45943}
=====================================
data/dsa-needed.txt
=====================================
@@ -79,6 +79,8 @@ salt/oldstable
--
samba/oldstable
--
+webkit2gtk
+--
wpewebkit
--
xrdp/oldstable
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b002770aac0166b14ff765a9531e5d440cdadaf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b002770aac0166b14ff765a9531e5d440cdadaf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230629/9232386a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list