[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2023-0008

[Alberto Garcia (@berto)]

Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b5a5976e by Alberto Garcia at 2023-09-11T18:26:27+02:00
webkit2gtk / wpewebkit upstream advisory WSA-2023-0008

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -212,7 +212,10 @@ CVE-2023-41053 (Redis is an in-memory database that persists on disk. Redis does
 	NOTE: Fixed by: https://github.com/redis/redis/commit/0f14d3279212e1b262869b6160db87d6f117cff5 (7.0.13)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc
 CVE-2023-40397 (The issue was addressed with improved checks. This issue is fixed in m ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.40.5-1
+	- wpewebkit 2.40.5-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	NOTE: https://webkitgtk.org/security/WSA-2023-0008.html
 CVE-2023-40392 (A privacy issue was addressed with improved private data redaction for ...)
 	NOT-FOR-US: Apple
 CVE-2023-39967 (WireMock is a tool for mocking HTTP services. When certain request URL ...)
@@ -431,7 +434,10 @@ CVE-2023-32425 (The issue was addressed with improved memory handling. This issu
 CVE-2023-32379 (A buffer overflow issue was addressed with improved memory handling. T ...)
 	NOT-FOR-US: Apple
 CVE-2023-32370 (A logic issue was addressed with improved validation. This issue is fi ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.40.1-1
+	- wpewebkit 2.40.2-2
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	NOTE: https://webkitgtk.org/security/WSA-2023-0008.html
 CVE-2023-32362 (Error handling was changed to not reveal sensitive information. This i ...)
 	NOT-FOR-US: Apple
 CVE-2023-32356 (A buffer overflow issue was addressed with improved memory handling. T ...)
@@ -25311,7 +25317,10 @@ CVE-2023-28200 (A validation issue was addressed with improved input sanitizatio
 CVE-2023-28199 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
 	NOT-FOR-US: Apple
 CVE-2023-28198 (A use-after-free issue was addressed with improved memory management.  ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.40.1-1
+	- wpewebkit 2.40.2-2
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	NOTE: https://webkitgtk.org/security/WSA-2023-0008.html
 CVE-2023-28197
 	RESERVED
 CVE-2023-28196


=====================================
data/DSA/list
=====================================
@@ -98,7 +98,7 @@
 	[bullseye] - thunderbird 1:102.14.0-1~deb11u1
 	[bookworm] - thunderbird 1:102.14.0-1~deb12u1
 [05 Aug 2023] DSA-5468-1 webkit2gtk - security update
-	{CVE-2023-38133 CVE-2023-38572 CVE-2023-38592 CVE-2023-38594 CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600 CVE-2023-38611}
+	{CVE-2023-38133 CVE-2023-38572 CVE-2023-38592 CVE-2023-38594 CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600 CVE-2023-38611 CVE-2023-40397}
 	[bullseye] - webkit2gtk 2.40.5-1~deb11u1
 	[bookworm] - webkit2gtk 2.40.5-1~deb12u1
 [04 Aug 2023] DSA-5467-1 chromium - security update
@@ -345,7 +345,7 @@
 	{CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205}
 	[bullseye] - wpewebkit 2.38.6-1~deb11u1
 [03 May 2023] DSA-5396-1 webkit2gtk - security update
-	{CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205 CVE-2023-32393 CVE-2023-32435}
+	{CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 CVE-2023-28205 CVE-2023-32393 CVE-2023-32435 CVE-2023-28198 CVE-2023-32370}
 	[bullseye] - webkit2gtk 2.40.1-1~deb11u1
 [02 May 2023] DSA-5395-1 nodejs - security update
 	{CVE-2023-23920}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5a5976e3de0d1e7126d124b2150f8752f62a54a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5a5976e3de0d1e7126d124b2150f8752f62a54a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230911/39c22611/attachment-0001.htm>