[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2024-0006
Alberto Garcia (@berto)
berto at debian.org
Thu Oct 31 09:51:47 GMT 2024
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7862b05c by Alberto Garcia at 2024-10-31T10:51:17+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2024-0006
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -716,7 +716,12 @@ CVE-2024-44301 (The issue was addressed with improved checks. This issue is fixe
CVE-2024-44297 (The issue was addressed with improved bounds checks. This issue is fix ...)
NOT-FOR-US: Apple
CVE-2024-44296 (The issue was addressed with improved checks. This issue is fixed in t ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.46.3-1
+ [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+ - wpewebkit 2.46.3-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2024-0006.html
CVE-2024-44295 (This issue was addressed with additional entitlement checks. This issu ...)
NOT-FOR-US: Apple
CVE-2024-44294 (A path deletion vulnerability was addressed by preventing vulnerable c ...)
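Review bot: In the CVE-2024-44296 entry the `- webkit2gtk 2.46.3-1` line carries only a `[buster]` annotation, while wpewebkit gets explicit `[bookworm]` and `[bullseye]` lines. That leaves webkit2gtk in bookworm and bullseye tracked as unfixed until an upload happens, which looks intended given the `webkit2gtk (berto)` entry added to data/dsa-needed.txt in the same commit. It is worth confirming that both releases are meant to stay open.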
@@ -788,7 +793,12 @@ CVE-2024-44251 (This issue was addressed through improved state management. This
CVE-2024-44247 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2024-44244 (A memory corruption issue was addressed with improved input validation ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.46.3-1
+ [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+ - wpewebkit 2.46.3-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2024-0006.html
CVE-2024-44240 (The issue was addressed with improved checks. This issue is fixed in t ...)
NOT-FOR-US: Apple
CVE-2024-44239 (An information disclosure issue was addressed with improved private da ...)
@@ -1792,7 +1802,12 @@ CVE-2024-44206 (An issue in the handling of URL protocols was addressed with imp
CVE-2024-44205 (A privacy issue was addressed with improved private data redaction for ...)
NOT-FOR-US: Apple
CVE-2024-44185 (The issue was addressed with improved checks. This issue is fixed in t ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.46.0-1
+ [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+ - wpewebkit 2.46.1-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2024-0006.html
CVE-2024-44141 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2024-40810 (An out-of-bounds write issue was addressed with improved input validat ...)
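Review bot: The fixed versions for CVE-2024-44185 differ between the two source packages (`webkit2gtk 2.46.0-1` but `wpewebkit 2.46.1-1`), whereas the other two entries touched in data/CVE/list use 2.46.3-1 for both. If 2.46.1-1 is simply the first wpewebkit upload that contains the fix, that is fine; otherwise check it against the WSA-2024-0006 page linked in the NOTE line.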
=====================================
data/DSA/list
=====================================
@@ -23,7 +23,7 @@
{CVE-2024-9954 CVE-2024-9955 CVE-2024-9956 CVE-2024-9957 CVE-2024-9958 CVE-2024-9959 CVE-2024-9960 CVE-2024-9961 CVE-2024-9962 CVE-2024-9963 CVE-2024-9964 CVE-2024-9965 CVE-2024-9966}
[bookworm] - chromium 130.0.6723.58-1~deb12u1
[14 Oct 2024] DSA-5792-1 webkit2gtk - security update
- {CVE-2024-40866 CVE-2024-44187}
+ {CVE-2024-40866 CVE-2024-44185 CVE-2024-44187}
[bookworm] - webkit2gtk 2.46.0-2~deb12u1
[13 Oct 2024] DSA-5791-1 python-reportlab - security update
{CVE-2023-33733}
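Review bot: Adding CVE-2024-44185 to the DSA-5792-1 CVE set retroactively changes what that 14 Oct 2024 advisory is recorded as fixing, and the commit message mentions only WSA-2024-0006. The addition is consistent with the `webkit2gtk 2.46.0-1` fixed version set in data/CVE/list and the `2.46.0-2~deb12u1` bookworm version on this DSA. A line in the commit message saying the DSA entry was amended would make the change easier to find later.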
=====================================
data/dsa-needed.txt
=====================================
@@ -47,6 +47,8 @@ smarty4
--
thunderbird (jmm)
--
+webkit2gtk (berto)
+--
xen
--
zabbix
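Review bot: The new `webkit2gtk (berto)` entry has no note saying what the pending update covers. A short note under it naming WSA-2024-0006, or the two CVEs this commit marks as fixed only in 2.46.3-1 (CVE-2024-44244 and CVE-2024-44296), would tie the entry to this advisory.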
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7862b05cd5bf4f7c0fe3b122654f61a3df0a92a2