[Git][security-tracker-team/security-tracker][master] Correct note about wpewebkit in bullseye
Alberto Garcia (@berto)
berto at debian.org
Thu Nov 16 09:39:19 GMT 2023
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0c863abf by Alberto Garcia at 2023-11-16T10:38:40+01:00
Correct note about wpewebkit in bullseye
We are not backporting versions >= 2.40
This amends commit 3baecc10afcf20d3fbb5ac9851f6cf28bd8e6bed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3546,7 +3546,7 @@ CVE-2023-42852 (A logic issue was addressed with improved checks. This issue is
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.2-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
CVE-2023-42850 (The issue was addressed with improved permissions logic. This issue is ...)
NOT-FOR-US: Apple
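Review bot: The replaced `[bullseye]` reason still hard-codes the version threshold in free text ("wpewebkit >= 2.40 can no longer be sensibly backported"), which is the very detail this commit exists to correct. If the cut-off needs stating at all, consider wording that does not have to be edited per entry when it turns out to be wrong, or keep the threshold in the commit message only and leave the reason as "can no longer be sensibly backported".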
@@ -3591,6 +3591,7 @@ CVE-2023-41983 (The issue was addressed with improved memory handling. This issu
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.2-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
CVE-2023-41982 (This issue was addressed by restricting options offered on a locked de ...)
NOT-FOR-US: Apple
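Review bot: The `+ [bullseye] - wpewebkit <ignored> (...)` line under CVE-2023-41983 has no matching `-` line, so this hunk adds a bullseye status that the entry did not have before rather than correcting an existing note. The commit message only says "Correct note about wpewebkit in bullseye"; please mention that a missing `[bullseye]` entry is also being added for this CVE, or split it into its own commit so the status change is visible in the history.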
@@ -3662,7 +3663,7 @@ CVE-2023-32359 (This issue was addressed with improved redaction of sensitive in
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.0-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
CVE-2023-46660 (Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time compari ...)
NOT-FOR-US: Jenkins plugin
@@ -8786,7 +8787,7 @@ CVE-2023-41074 (The issue was addressed with improved checks. This issue is fixe
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.0-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
CVE-2023-41073 (An authorization issue was addressed with improved state management. T ...)
NOT-FOR-US: Apple
@@ -8844,7 +8845,7 @@ CVE-2023-40451 (This issue was addressed with improved iframe sandbox enforcemen
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
CVE-2023-40450 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
@@ -8920,7 +8921,7 @@ CVE-2023-39434 (A use-after-free issue was addressed with improved memory manage
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
CVE-2023-39233 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
@@ -8944,7 +8945,7 @@ CVE-2023-35074 (The issue was addressed with improved memory handling. This issu
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.40.2-2
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
CVE-2023-35071 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: MRV Tech Logging Administration Panel
@@ -9525,7 +9526,7 @@ CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixe
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.1-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
CVE-2023-41992 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
@@ -10433,7 +10434,7 @@ CVE-2023-39928 (A use-after-free vulnerability exists in the MediaRecorder API o
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.0-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
CVE-2023-39916 (NLnet Labs\u2019 Routinator 0.9.0 up to and including 0.12.1 contains ...)
- routinator <itp> (bug #929024)
@@ -11246,7 +11247,7 @@ CVE-2023-40397 (The issue was addressed with improved checks. This issue is fixe
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0008.html
CVE-2023-40392 (A privacy issue was addressed with improved private data redaction for ...)
NOT-FOR-US: Apple
@@ -11483,7 +11484,7 @@ CVE-2023-32370 (A logic issue was addressed with improved validation. This issue
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.2-2
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0008.html
CVE-2023-32362 (Error handling was changed to not reveal sensitive information. This i ...)
NOT-FOR-US: Apple
@@ -17108,7 +17109,7 @@ CVE-2023-38599 (A logic issue was addressed with improved state management. This
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38598 (A use-after-free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
@@ -17118,7 +17119,7 @@ CVE-2023-38592 (A logic issue was addressed with improved restrictions. This iss
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38590 (A buffer overflow issue was addressed with improved memory handling. T ...)
NOT-FOR-US: Apple
@@ -17236,7 +17237,7 @@ CVE-2023-38611 (The issue was addressed with improved memory handling. This issu
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38608 (The issue was addressed with additional permissions checks. This issue ...)
NOT-FOR-US: Apple
@@ -17252,7 +17253,7 @@ CVE-2023-38600 (The issue was addressed with improved checks. This issue is fixe
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38597 (The issue was addressed with improved checks. This issue is fixed in i ...)
{DSA-5468-1}
@@ -17260,7 +17261,7 @@ CVE-2023-38597 (The issue was addressed with improved checks. This issue is fixe
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38595 (The issue was addressed with improved checks. This issue is fixed in i ...)
{DSA-5468-1}
@@ -17268,7 +17269,7 @@ CVE-2023-38595 (The issue was addressed with improved checks. This issue is fixe
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38594 (The issue was addressed with improved checks. This issue is fixed in i ...)
{DSA-5468-1}
@@ -17276,7 +17277,7 @@ CVE-2023-38594 (The issue was addressed with improved checks. This issue is fixe
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38593 (A logic issue was addressed with improved checks. This issue is fixed ...)
NOT-FOR-US: Apple
@@ -17288,7 +17289,7 @@ CVE-2023-38572 (The issue was addressed with improved checks. This issue is fixe
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38565 (A path handling issue was addressed with improved validation. This iss ...)
NOT-FOR-US: Apple
@@ -17322,7 +17323,7 @@ CVE-2023-38133 (The issue was addressed with improved checks. This issue is fixe
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-37732 (Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm ...)
- yasm <unfixed> (unimportant)
@@ -17959,7 +17960,7 @@ CVE-2023-37450 (The issue was addressed with improved checks. This issue is fixe
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.4-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0006.html
NOTE: https://github.com/WebKit/WebKit/commit/4f99c0670d2d91dbc51725a7af6909e186db1b07
CVE-2023-38200 (A flaw was found in Keylime. Due to their blocking nature, the Keylime ...)
@@ -21582,7 +21583,7 @@ CVE-2023-32439 (A type confusion issue was addressed with improved checks. This
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.3-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0005.html
CVE-2023-32435 (A memory corruption issue was addressed with improved state management ...)
{DSA-5396-1}
@@ -21590,7 +21591,7 @@ CVE-2023-32435 (A memory corruption issue was addressed with improved state mana
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.2-2
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0005.html
CVE-2023-32434 (An integer overflow was addressed with improved input validation. This ...)
NOT-FOR-US: Apple
@@ -21646,7 +21647,7 @@ CVE-2023-32393 (The issue was addressed with improved memory handling. This issu
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.2-2
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0006.html
CVE-2023-32392 (A privacy issue was addressed with improved private data redaction for ...)
NOT-FOR-US: Apple
@@ -25100,7 +25101,7 @@ CVE-2023-32373 (A use-after-free issue was addressed with improved memory manage
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.2-2
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=254840
NOTE: https://github.com/WebKit/WebKit/commit/85fd2302d16a09a82d9a6e81eb286babb23c4b3c
NOTE: https://webkitgtk.org/security/WSA-2023-0004.html
@@ -36556,7 +36557,7 @@ CVE-2023-28204 (An out-of-bounds read was addressed with improved input validati
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.2-2
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=254930
NOTE: https://github.com/WebKit/WebKit/commit/698c6e293734c3c46f223b77d5b4ee48b320e32c
NOTE: https://webkitgtk.org/security/WSA-2023-0004.html
@@ -36576,7 +36577,7 @@ CVE-2023-28198 (A use-after-free issue was addressed with improved memory manage
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.2-2
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
- [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
NOTE: https://webkitgtk.org/security/WSA-2023-0008.html
CVE-2023-28197
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c863abff1bb8bf5e5239c4477b39e4cf1d0e725