[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2024-0006

Alberto Garcia (@berto) berto at debian.org
Thu Oct 31 09:51:47 GMT 2024 


Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7862b05c by Alberto Garcia at 2024-10-31T10:51:17+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2024-0006

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -716,7 +716,12 @@ CVE-2024-44301 (The issue was addressed with improved checks. This issue is fixe
 CVE-2024-44297 (The issue was addressed with improved bounds checks. This issue is fix ...)
 	NOT-FOR-US: Apple
 CVE-2024-44296 (The issue was addressed with improved checks. This issue is fixed in t ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.46.3-1
+	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+	- wpewebkit 2.46.3-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+	NOTE: https://webkitgtk.org/security/WSA-2024-0006.html
 CVE-2024-44295 (This issue was addressed with additional entitlement checks. This issu ...)
 	NOT-FOR-US: Apple
 CVE-2024-44294 (A path deletion vulnerability was addressed by preventing vulnerable c ...)
@@ -788,7 +793,12 @@ CVE-2024-44251 (This issue was addressed through improved state management. This
 CVE-2024-44247 (The issue was addressed with improved checks. This issue is fixed in m ...)
 	NOT-FOR-US: Apple
 CVE-2024-44244 (A memory corruption issue was addressed with improved input validation ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.46.3-1
+	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+	- wpewebkit 2.46.3-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+	NOTE: https://webkitgtk.org/security/WSA-2024-0006.html
 CVE-2024-44240 (The issue was addressed with improved checks. This issue is fixed in t ...)
 	NOT-FOR-US: Apple
 CVE-2024-44239 (An information disclosure issue was addressed with improved private da ...)
@@ -1792,7 +1802,12 @@ CVE-2024-44206 (An issue in the handling of URL protocols was addressed with imp
 CVE-2024-44205 (A privacy issue was addressed with improved private data redaction for ...)
 	NOT-FOR-US: Apple
 CVE-2024-44185 (The issue was addressed with improved checks. This issue is fixed in t ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.46.0-1
+	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+	- wpewebkit 2.46.1-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+	NOTE: https://webkitgtk.org/security/WSA-2024-0006.html
 CVE-2024-44141 (The issue was addressed with improved checks. This issue is fixed in m ...)
 	NOT-FOR-US: Apple
 CVE-2024-40810 (An out-of-bounds write issue was addressed with improved input validat ...)


=====================================
data/DSA/list
=====================================
@@ -23,7 +23,7 @@
 	{CVE-2024-9954 CVE-2024-9955 CVE-2024-9956 CVE-2024-9957 CVE-2024-9958 CVE-2024-9959 CVE-2024-9960 CVE-2024-9961 CVE-2024-9962 CVE-2024-9963 CVE-2024-9964 CVE-2024-9965 CVE-2024-9966}
 	[bookworm] - chromium 130.0.6723.58-1~deb12u1
 [14 Oct 2024] DSA-5792-1 webkit2gtk - security update
-	{CVE-2024-40866 CVE-2024-44187}
+	{CVE-2024-40866 CVE-2024-44185 CVE-2024-44187}
 	[bookworm] - webkit2gtk 2.46.0-2~deb12u1
 [13 Oct 2024] DSA-5791-1 python-reportlab - security update
 	{CVE-2023-33733}


=====================================
data/dsa-needed.txt
=====================================
@@ -47,6 +47,8 @@ smarty4
 --
 thunderbird (jmm)
 --
+webkit2gtk (berto)
+--
 xen
 --
 zabbix



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7862b05cd5bf4f7c0fe3b122654f61a3df0a92a2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7862b05cd5bf4f7c0fe3b122654f61a3df0a92a2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241031/b71bf203/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list