[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2025-0008
Alberto Garcia (@berto)
berto at debian.org
Tue Dec 2 13:16:15 GMT 2025
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6fe7b081 by Alberto Garcia at 2025-12-02T14:15:47+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2025-0008
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -6809,7 +6809,11 @@ CVE-2025-10853 (A reflected cross-site scripting (XSS) vulnerability exists in t
CVE-2025-10713 (An XML External Entity (XXE) vulnerability exists in multiple WSO2 pro ...)
NOT-FOR-US: WSO2
CVE-2023-43000 (A use-after-free issue was addressed with improved memory management. ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.42.0-1
+ - wpewebkit 2.42.0-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-52881 (runc is a CLI tool for spawning and running containers according to th ...)
[experimental] - runc 1.3.3+ds1-1
- runc 1.3.3+ds1-2 (bug #1120140)
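Review bot: the [bullseye] wpewebkit line added for CVE-2023-43000 uses <ignored> with the reason "wpewebkit >= 2.40 can no longer be sensibly backported", while the entries fixed in 2.50.x later in this commit mark the same package and release as <end-of-life> (see #1035997). If both describe the same support status, consider using one form for every entry this commit adds (the CVE-2025-43480 entry has the same wording). Keep the older wording only if it is meant to match annotations already used for other CVEs fixed in 2.42.x and 2.46.x.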
@@ -7132,7 +7136,11 @@ CVE-2025-43493 (The issue was addressed with improved checks. This issue is fixe
CVE-2025-43481 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2025-43480 (The issue was addressed with improved checks. This issue is fixed in S ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.46.0-1
+ - wpewebkit 2.46.0-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43479 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-43478 (A use after free issue was addressed with improved memory management. ...)
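Review bot: CVE-2025-43480 gets a [bullseye] line for wpewebkit but none for webkit2gtk, and DSA-5792-1, which this commit extends with the CVE, lists only a [bookworm] upload (2.46.0-2~deb12u1). Unless an entry outside this diff covers it, webkit2gtk in bullseye is left to the plain version comparison against 2.46.0-1. Please confirm that this is the intended status or add an explicit [bullseye] annotation for webkit2gtk.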
@@ -7180,13 +7188,23 @@ CVE-2025-43445 (An out-of-bounds read was addressed with improved input validati
CVE-2025-43444 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-43443 (This issue was addressed with improved checks. This issue is fixed in ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.2-1
+ - wpewebkit 2.50.2-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43442 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-43441 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2025-43440 (This issue was addressed with improved checks This issue is fixed in S ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.2-1
+ - wpewebkit 2.50.2-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43439 (A privacy issue was addressed by removing sensitive data. This issue i ...)
NOT-FOR-US: Apple
CVE-2025-43438 (A use-after-free issue was addressed with improved memory management. ...)
@@ -7196,23 +7214,58 @@ CVE-2025-43436 (A permissions issue was addressed with additional restrictions.
CVE-2025-43435 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2025-43434 (A use-after-free issue was addressed with improved memory management. ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.2-1
+ - wpewebkit 2.50.2-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43433 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2025-43432 (A use-after-free issue was addressed with improved memory management. ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.2-1
+ - wpewebkit 2.50.2-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43431 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.2-1
+ - wpewebkit 2.50.2-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43430 (This issue was addressed through improved state management. This issue ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.2-1
+ - wpewebkit 2.50.2-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43429 (A buffer overflow was addressed with improved bounds checking. This is ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.2-1
+ - wpewebkit 2.50.2-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43427 (This issue was addressed through improved state management. This issue ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.2-1
+ - wpewebkit 2.50.2-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43426 (A logging issue was addressed with improved data redaction. This issue ...)
NOT-FOR-US: Apple
CVE-2025-43425 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.2-1
+ - wpewebkit 2.50.2-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43424 (The issue was addressed with improved bounds checks. This issue is fix ...)
NOT-FOR-US: Apple
CVE-2025-43423 (A logging issue was addressed with improved data redaction. This issue ...)
@@ -7224,7 +7277,12 @@ CVE-2025-43421 (Multiple issues were addressed by disabling array allocation sin
CVE-2025-43420 (A race condition was addressed with improved state handling. This issu ...)
NOT-FOR-US: Apple
CVE-2025-43419 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.0-1
+ - wpewebkit 2.50.0-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43414 (A permissions issue was addressed with improved validation. This issue ...)
NOT-FOR-US: Apple
CVE-2025-43413 (An access issue was addressed with additional sandbox restrictions. Th ...)
@@ -7256,7 +7314,12 @@ CVE-2025-43395 (This issue was addressed with improved handling of symlinks. Thi
CVE-2025-43394 (This issue was addressed with improved handling of symlinks. This issu ...)
NOT-FOR-US: Apple
CVE-2025-43392 (The issue was addressed with improved handling of caches. This issue i ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.2-1
+ - wpewebkit 2.50.2-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43391 (A privacy issue was addressed with improved handling of temporary file ...)
NOT-FOR-US: Apple
CVE-2025-43390 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...)
=====================================
data/DSA/list
=====================================
@@ -87,7 +87,7 @@
{CVE-2025-2760 CVE-2025-6035 CVE-2025-10922}
[bookworm] - gimp 2.10.34-1+deb12u4
[28 Oct 2025] DSA-6042-1 webkit2gtk - security update
- {CVE-2025-43272 CVE-2025-43342 CVE-2025-43343 CVE-2025-43356 CVE-2025-43368}
+ {CVE-2025-43272 CVE-2025-43342 CVE-2025-43343 CVE-2025-43356 CVE-2025-43368 CVE-2025-43419}
[bookworm] - webkit2gtk 2.50.1-1~deb12u1
[trixie] - webkit2gtk 2.50.1-1~deb13u1
[27 Oct 2025] DSA-6041-1 strongswan - security update
@@ -898,7 +898,7 @@
{CVE-2024-9954 CVE-2024-9955 CVE-2024-9956 CVE-2024-9957 CVE-2024-9958 CVE-2024-9959 CVE-2024-9960 CVE-2024-9961 CVE-2024-9962 CVE-2024-9963 CVE-2024-9964 CVE-2024-9965 CVE-2024-9966}
[bookworm] - chromium 130.0.6723.58-1~deb12u1
[14 Oct 2024] DSA-5792-1 webkit2gtk - security update
- {CVE-2024-40866 CVE-2024-44185 CVE-2024-44187 CVE-2024-54534 CVE-2024-27856}
+ {CVE-2024-40866 CVE-2024-44185 CVE-2024-44187 CVE-2024-54534 CVE-2024-27856 CVE-2025-43480}
[bookworm] - webkit2gtk 2.46.0-2~deb12u1
[13 Oct 2024] DSA-5791-1 python-reportlab - security update
{CVE-2023-33733}
@@ -1850,7 +1850,7 @@
[12 Oct 2023] DSA-5522-2 tomcat9 - regression update
[bullseye] - tomcat9 9.0.43-2~deb11u8
[12 Oct 2023] DSA-5527-1 webkit2gtk - security update
- {CVE-2023-42875 CVE-2023-42970 CVE-2023-32359 CVE-2023-39928 CVE-2023-41074 CVE-2023-41993 CVE-2023-42890 CVE-2023-40414 CVE-2014-1745}
+ {CVE-2023-42875 CVE-2023-42970 CVE-2023-32359 CVE-2023-39928 CVE-2023-41074 CVE-2023-41993 CVE-2023-42890 CVE-2023-40414 CVE-2014-1745 CVE-2023-43000}
[bullseye] - webkit2gtk 2.42.1-1~deb11u1
[bookworm] - webkit2gtk 2.42.1-1~deb12u1
[12 Oct 2023] DSA-5526-1 chromium - security update
=====================================
data/dsa-needed.txt
=====================================
@@ -80,6 +80,8 @@ tomcat11/stable (apo)
unbound
Guilhem Moulin proposing an update to cover CVE-2025-11411
--
+webkit2gtk (berto)
+--
wordpress
Utkarsh Gupta proposed a debdiff to review.
--
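Review bot: the new "webkit2gtk (berto)" entry has no description line, unlike the unbound and wordpress entries around it. The data/CVE/list changes in this commit mark most of the WSA-2025-0008 issues as fixed in 2.50.2-1, while DSA-6042-1 shipped 2.50.1-1~deb12u1 and 2.50.1-1~deb13u1, so a one-line note naming the advisory or the target version would tell other team members what the pending update covers.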
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fe7b0819ed072cf1c1497ad3da376fab874b2ee