[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2025-0003

Alberto Garcia (@berto) berto at debian.org
Mon Apr 7 15:02:18 BST 2025



Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e10dea5 by Alberto Garcia at 2025-04-07T16:01:46+02:00
webkit2gtk / wpewebkit upstream advisory WSA-2025-0003

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2636,7 +2636,11 @@ CVE-2025-30429 (A path handling issue was addressed with improved validation. Th
 CVE-2025-30428 (This issue was addressed through improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2025-30427 (A use-after-free issue was addressed with improved memory management.  ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.48.1-1
+	- wpewebkit 2.48.1-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+	NOTE: https://webkitgtk.org/security/WSA-2025-0003.html
 CVE-2025-30426 (This issue was addressed with additional entitlement checks. This issu ...)
 	NOT-FOR-US: Apple
 CVE-2025-30425 (This issue was addressed through improved state management. This issue ...)
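Review bot: the block added under CVE-2025-30427 has no suite-specific line for webkit2gtk, only `- webkit2gtk 2.48.1-1`, while wpewebkit gets explicit `<ignored>` lines for both bookworm and bullseye. That leaves webkit2gtk in the stable suites tracked as affected, which matches the data/dsa-needed.txt addition in this same commit. Since the commit message names only the advisory, consider saying there that the stable webkit2gtk fix is handled through the DSA queue.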
@@ -2682,7 +2686,11 @@ CVE-2025-24266 (A buffer overflow was addressed with improved bounds checking. T
 CVE-2025-24265 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2025-24264 (The issue was addressed with improved memory handling. This issue is f ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.48.1-1
+	- wpewebkit 2.48.1-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+	NOTE: https://webkitgtk.org/security/WSA-2025-0003.html
 CVE-2025-24263 (A privacy issue was addressed by moving sensitive data to a protected  ...)
 	NOT-FOR-US: Apple
 CVE-2025-24262 (A privacy issue was addressed with improved private data redaction for ...)
@@ -2758,13 +2766,21 @@ CVE-2025-24218 (A privacy issue was addressed with improved private data redacti
 CVE-2025-24217 (This issue was addressed with improved redaction of sensitive informat ...)
 	NOT-FOR-US: Apple
 CVE-2025-24216 (The issue was addressed with improved memory handling. This issue is f ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.48.1-1
+	- wpewebkit 2.48.1-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+	NOTE: https://webkitgtk.org/security/WSA-2025-0003.html
 CVE-2025-24215 (The issue was addressed with improved checks. This issue is fixed in m ...)
 	NOT-FOR-US: Apple
 CVE-2025-24214 (A privacy issue was addressed by not logging contents of text fields.  ...)
 	NOT-FOR-US: Apple
 CVE-2025-24213 (This issue was addressed with improved handling of floats. This issue  ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.48.1-1
+	- wpewebkit 2.48.1-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+	NOTE: https://webkitgtk.org/security/WSA-2025-0003.html
 CVE-2025-24212 (This issue was addressed with improved checks. This issue is fixed in  ...)
 	NOT-FOR-US: Apple
 CVE-2025-24211 (This issue was addressed with improved memory handling. This issue is  ...)
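Review bot: the same five-line block is pasted under both CVE-2025-24216 and CVE-2025-24213 in this hunk, and the truncated descriptions visible here do not mention WebKit, so the only link to the advisory is the `NOTE: https://webkitgtk.org/security/WSA-2025-0003.html` line. Please check each CVE id against the advisory before replacing `NOT-FOR-US: Apple`, because a block pasted under a neighbouring entry would mark an unrelated Apple CVE as a Debian issue.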
@@ -2772,9 +2788,17 @@ CVE-2025-24211 (This issue was addressed with improved memory handling. This iss
 CVE-2025-24210 (A logic error was addressed with improved error handling. This issue i ...)
 	NOT-FOR-US: Apple
 CVE-2025-24209 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.48.1-1
+	- wpewebkit 2.48.1-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+	NOTE: https://webkitgtk.org/security/WSA-2025-0003.html
 CVE-2025-24208 (A permissions issue was addressed with additional restrictions. This i ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.48.1-1
+	- wpewebkit 2.48.1-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+	NOTE: https://webkitgtk.org/security/WSA-2025-0003.html
 CVE-2025-24207 (A permissions issue was addressed with additional restrictions. This i ...)
 	NOT-FOR-US: Apple
 CVE-2025-24205 (An authorization issue was addressed with improved state management. T ...)
@@ -6143,7 +6167,11 @@ CVE-2025-25758 (An issue in KukuFM Android v1.12.7 (11207) allows attackers to a
 CVE-2024-54564 (This issue was addressed through improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2024-54551 (The issue was addressed with improved memory handling. This issue is f ...)
-	NOT-FOR-US: Apple
+	- webkit2gtk 2.48.1-1
+	- wpewebkit 2.48.1-1
+	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+	NOTE: https://webkitgtk.org/security/WSA-2025-0003.html
 CVE-2024-50053 (Zohocorp ManageEngine ServiceDesk Plus versionsbelow14920, ServiceDesk ...)
 	NOT-FOR-US: Zoho
 CVE-2024-44305 (This issue was addressed by removing the vulnerable code. This issue i ...)
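Review bot: CVE-2024-54551 carries a 2024 identifier but gets the same fixed version as the 2025 entries (`- webkit2gtk 2.48.1-1`, `- wpewebkit 2.48.1-1`). Please confirm against the advisory that 2.48.1 is the first fixed release for this CVE. If an earlier upload already contained the fix, the tracker will report versions as vulnerable that are not.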


=====================================
data/dsa-needed.txt
=====================================
@@ -60,6 +60,8 @@ sympa
 --
 tcpdf
 --
+webkit2gtk (berto)
+--
 wordpress
 --
 zabbix
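Review bot: the new entry `webkit2gtk (berto)` has no suite qualifier or note line, and wpewebkit is not added, which is consistent with the `<ignored>` lines in data/CVE/list. If the update is planned for only some suites, state that under the entry so readers of dsa-needed.txt do not have to infer it from the CVE list.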



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e10dea57fb517a26f5e35c0493407882f603297
