[Git][security-tracker-team/security-tracker][master] Add initial mapping for WebKitGTK and WPE WebKit issues from WSA-2025-0005
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Aug 3 13:50:07 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0004ee98 by Salvatore Bonaccorso at 2025-08-03T14:49:41+02:00
Add initial mapping for WebKitGTK and WPE WebKit issues from WSA-2025-0005
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -832,7 +832,11 @@ CVE-2025-43267 (An injection issue was addressed with improved validation. This
CVE-2025-43266 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-43265 (An out-of-bounds read was addressed with improved input validation. Th ...)
- NOT-FOR-US: Apple
+ - webkit2gtk <unfixed>
+ - wpewebkit <unfixed>
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
CVE-2025-43261 (A logic issue was addressed with improved checks. This issue is fixed ...)
NOT-FOR-US: Apple
CVE-2025-43260 (This issue was addressed with improved data protection. This issue is ...)
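Review bot: Both new package lines for CVE-2025-43265 are `<unfixed>` with no version, and the only NOTE is the WSA link. The commit subject calls this an initial mapping, so a follow-up has to replace `<unfixed>` with the first fixed webkit2gtk and wpewebkit uploads. Recording the upstream fixed version in a second NOTE now would let that follow-up be done without rereading the advisory.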
@@ -868,7 +872,11 @@ CVE-2025-43243 (A permissions issue was addressed with additional restrictions.
CVE-2025-43241 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-43240 (A logic issue was addressed with improved checks. This issue is fixed ...)
- NOT-FOR-US: Apple
+ - webkit2gtk <unfixed>
+ - wpewebkit <unfixed>
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
CVE-2025-43239 (An out-of-bounds access issue was addressed with improved bounds check ...)
NOT-FOR-US: Apple
CVE-2025-43237 (An out-of-bounds write issue was addressed with improved bounds checki ...)
@@ -886,9 +894,17 @@ CVE-2025-43230 (The issue was addressed with additional permissions checks. This
CVE-2025-43229 (This issue was addressed through improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2025-43228 (The issue was addressed with improved UI. This issue is fixed in iOS 1 ...)
- NOT-FOR-US: Apple
+ - webkit2gtk <unfixed>
+ - wpewebkit <unfixed>
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
CVE-2025-43227 (This issue was addressed through improved state management. This issue ...)
- NOT-FOR-US: Apple
+ - webkit2gtk <unfixed>
+ - wpewebkit <unfixed>
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
CVE-2025-43226 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2025-43225 (A logging issue was addressed with improved data redaction. This issue ...)
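Review bot: CVE-2025-43228 is described as "addressed with improved UI" and fixed in iOS, yet it receives the same `- webkit2gtk <unfixed>` / `- wpewebkit <unfixed>` block as the state-management issue CVE-2025-43227 directly below it. A short NOTE stating that the GTK and WPE ports are affected, and by which component, would make the mapping checkable from the entry itself; the WSA link alone does not show that for a UI fix.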
@@ -908,7 +924,11 @@ CVE-2025-43218 (An out-of-bounds read was addressed with improved input validati
CVE-2025-43217 (The issue was addressed by adding additional logic. This issue is fixe ...)
NOT-FOR-US: Apple
CVE-2025-43216 (A use-after-free issue was addressed with improved memory management. ...)
- NOT-FOR-US: Apple
+ - webkit2gtk <unfixed>
+ - wpewebkit <unfixed>
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
CVE-2025-43215 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2025-43214 (The issue was addressed with improved memory handling. This issue is f ...)
@@ -916,9 +936,17 @@ CVE-2025-43214 (The issue was addressed with improved memory handling. This issu
CVE-2025-43213 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2025-43212 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk <unfixed>
+ - wpewebkit <unfixed>
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
CVE-2025-43211 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk <unfixed>
+ - wpewebkit <unfixed>
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
CVE-2025-43209 (An out-of-bounds access issue was addressed with improved bounds check ...)
NOT-FOR-US: Apple
CVE-2025-43206 (A parsing issue in the handling of directory paths was addressed with ...)
@@ -960,7 +988,11 @@ CVE-2025-31280 (A memory corruption issue was addressed with improved validation
CVE-2025-31279 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-31278 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk <unfixed>
+ - wpewebkit <unfixed>
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
CVE-2025-31277 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2025-31276 (This issue was addressed through improved state management. This issue ...)
@@ -968,7 +1000,11 @@ CVE-2025-31276 (This issue was addressed through improved state management. This
CVE-2025-31275 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-31273 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk <unfixed>
+ - wpewebkit <unfixed>
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
CVE-2025-31243 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-31229 (A logic issue was addressed with improved checks. This issue is fixed ...)
@@ -4721,6 +4757,11 @@ CVE-2025-6558 (Insufficient validation of untrusted input in ANGLE and GPU in Go
{DSA-5963-1}
- chromium 138.0.7204.157-1
[bullseye] - chromium <end-of-life> (see #1061268)
+ - webkit2gtk <unfixed>
+ - wpewebkit <unfixed>
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
CVE-2025-53959 (In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.8619 ...)
NOT-FOR-US: JetBrains
CVE-2025-53903 (The Scratch Channel is a news website that is under development as of ...)
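Review bot: The webkit2gtk and wpewebkit lines for CVE-2025-6558 sit under the existing `{DSA-5963-1}` cross-reference, which belongs to the chromium fix, so a reader can take the DSA as covering WebKit while both packages are still `<unfixed>`. The visible description names only ANGLE and GPU; add a NOTE saying which code in the WebKit sources is affected, next to the WSA link, so the reason for listing these packages under a Chromium CVE is stated in the entry.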
@@ -21986,7 +22027,12 @@ CVE-2025-26735 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-26621 (OpenCTI is an open source platform for managing cyber threat intellige ...)
NOT-FOR-US: OpenCTI
CVE-2025-24189 (The issue was addressed with improved checks. This issue is fixed in S ...)
- NOT-FOR-US: Apple
+ {DSA-5885-1}
+ - webkit2gtk 2.48.0-1
+ - wpewebkit 2.48.0-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
CVE-2025-24184 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2025-24183 (The issue was addressed with improved checks. This issue is fixed in m ...)
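Review bot: For CVE-2025-24189 the entry records `{DSA-5885-1}` and the fixed version 2.48.0-1, but the only NOTE points to WSA-2025-0005 and nothing states where 2.48.0 comes from. Add a NOTE naming the upstream release that carries the fix so the version can be checked against the advisory, and confirm the cross-reference matches the CVE set edited for DSA-5885-1 in data/DSA/list in this same commit.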
=====================================
data/DSA/list
=====================================
@@ -257,7 +257,7 @@
{CVE-2025-25184 CVE-2025-27111 CVE-2025-27610}
[bookworm] - ruby-rack 2.2.13-1~deb12u1
[23 Mar 2025] DSA-5885-1 webkit2gtk - security update
- {CVE-2024-44192 CVE-2024-54467 CVE-2025-24201}
+ {CVE-2024-44192 CVE-2024-54467 CVE-2025-24201 CVE-2025-24189}
[bookworm] - webkit2gtk 2.48.0-1~deb12u1
[23 Mar 2025] DSA-5884-1 libxslt - security update
{CVE-2024-55549 CVE-2025-24855}
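Review bot: CVE-2025-24189 is appended after CVE-2025-24201 in the DSA-5885-1 list, which breaks the ascending order of the three existing ids. Placing it between CVE-2024-54467 and CVE-2025-24201 keeps the list sorted and makes later diffs of this line easier to read.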
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0004ee983bfa34385299b060c27f88700e395bca