[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2023-0005

[Alberto Garcia (@berto)]

Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b002770 by Alberto Garcia at 2023-06-29T17:17:55+02:00
webkit2gtk / wpewebkit upstream advisory WSA-2023-0005

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -563,7 +563,10 @@ CVE-2023-32580 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-32480 (Dell BIOS contains an Improper Input Validation vulnerability. An unau ...)
 	NOT-FOR-US: Dell
 CVE-2023-32439 (A type confusion issue was addressed with improved checks. This issue  ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.40.3-1
+	- wpewebkit 2.40.3-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	NOTE: https://webkitgtk.org/security/WSA-2023-0005.html
 CVE-2023-32435 (A memory corruption issue was addressed with improved state management ...)
 	NOT-FOR-US: Apple
 CVE-2023-32434 (An integer overflow was addressed with improved input validation. This ...)


=====================================
data/DSA/list
=====================================
@@ -149,7 +149,7 @@
 	{CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205}
 	[bullseye] - wpewebkit 2.38.6-1~deb11u1
 [03 May 2023] DSA-5396-1 webkit2gtk - security update
-	{CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205}
+	{CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205 CVE-2023-32435}
 	[bullseye] - webkit2gtk 2.40.1-1~deb11u1
 [02 May 2023] DSA-5395-1 nodejs - security update
 	{CVE-2023-23920}
@@ -619,10 +619,10 @@
 	{CVE-2022-29599}
 	[bullseye] - maven-shared-utils 3.3.0-1+deb11u1
 [28 Sep 2022] DSA-5241-1 wpewebkit - security update
-	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
+	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2022-48503 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
 	[bullseye] - wpewebkit 2.38.0-1~deb11u1
 [28 Sep 2022] DSA-5240-1 webkit2gtk - security update
-	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
+	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2022-48503 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
 	[bullseye] - webkit2gtk 2.38.0-1~deb11u1
 [27 Sep 2022] DSA-5239-1 gdal - security update
 	{CVE-2021-45943}


=====================================
data/dsa-needed.txt
=====================================
@@ -79,6 +79,8 @@ salt/oldstable
 --
 samba/oldstable
 --
+webkit2gtk
+--
 wpewebkit
 --
 xrdp/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b002770aac0166b14ff765a9531e5d440cdadaf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b002770aac0166b14ff765a9531e5d440cdadaf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230629/9232386a/attachment-0001.htm>