[Git][security-tracker-team/security-tracker][master] Add new set of webkit2gtk issues

Sun Mar 5 19:41:00 GMT 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
874845fb by Salvatore Bonaccorso at 2023-03-05T20:40:23+01:00
Add new set of webkit2gtk issues

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6203,17 +6203,27 @@ CVE-2023-25365
 CVE-2023-25364
 	RESERVED
 CVE-2023-25363 (A use-after-free vulnerability in WebCore::RenderLayer::updateDescenda ...)
-	TODO: check
+	- webkit2gtk 2.38.0-1
+	- wpewebkit 2.38.0-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=242684
 CVE-2023-25362 (A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSe ...)
-	TODO: check
+	- webkit2gtk 2.38.0-1
+	- wpewebkit 2.38.0-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=244802
 CVE-2023-25361 (A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling ...)
-	TODO: check
+	- webkit2gtk 2.38.0-1
+	- wpewebkit 2.38.0-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=244249
 CVE-2023-25360 (A use-after-free vulnerability in WebCore::RenderLayer::renderer in We ...)
-	TODO: check
+	- webkit2gtk 2.38.0-1
+	- wpewebkit 2.38.0-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=242686
 CVE-2023-25359
 	RESERVED
 CVE-2023-25358 (A use-after-free vulnerability in WebCore::RenderLayer::addChild in We ...)
-	TODO: check
+	- webkit2gtk 2.38.0-1
+	- wpewebkit 2.38.0-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=242683
 CVE-2023-25357
 	RESERVED
 CVE-2023-25356


=====================================
data/DLA/list
=====================================
@@ -683,7 +683,7 @@
 	{CVE-2020-25708 CVE-2020-29260}
 	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u5
 [29 Sep 2022] DLA-3124-1 webkit2gtk - security update
-	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
+	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
 	[buster] - webkit2gtk 2.38.0-1~deb10u1
 [27 Sep 2022] DLA-3123-1 thunderbird - security update
 	{CVE-2022-3266 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962}


=====================================
data/DSA/list
=====================================
@@ -386,10 +386,10 @@
 	{CVE-2022-29599}
 	[bullseye] - maven-shared-utils 3.3.0-1+deb11u1
 [28 Sep 2022] DSA-5241-1 wpewebkit - security update
-	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
+	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
 	[bullseye] - wpewebkit 2.38.0-1~deb11u1
 [28 Sep 2022] DSA-5240-1 webkit2gtk - security update
-	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863}
+	{CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42863 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363}
 	[bullseye] - webkit2gtk 2.38.0-1~deb11u1
 [27 Sep 2022] DSA-5239-1 gdal - security update
 	{CVE-2021-45943}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/874845fb52cd250c6541f6b64ffad2c6c26e2bc1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/874845fb52cd250c6541f6b64ffad2c6c26e2bc1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230305/e6f53873/attachment-0001.htm>
