[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2025-0010
Alberto Garcia (@berto)
berto at debian.org
Wed Dec 17 16:06:32 GMT 2025
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6453ae36 by Alberto Garcia at 2025-12-17T17:05:33+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2025-0010
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1734,14 +1734,49 @@ CVE-2025-46276 (An information disclosure issue was addressed with improved priv
NOT-FOR-US: Apple
CVE-2025-43542 (This issue was addressed with improved state management. This issue is ...)
NOT-FOR-US: Apple
+CVE-2025-43541 [Malicious web content may lead to an unexpected process crash]
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43539 (The issue was addressed with improved bounds checks. This issue is fix ...)
NOT-FOR-US: Apple
CVE-2025-43538 (A logging issue was addressed with improved data redaction. This issue ...)
NOT-FOR-US: Apple
+CVE-2025-43536 [Malicious web content may lead to an unexpected process crash]
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
+CVE-2025-43535 [Malicious web content may lead to an unexpected process crash]
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43532 (A memory corruption issue was addressed with improved bounds checking. ...)
NOT-FOR-US: Apple
+CVE-2025-43531 [Malicious web content may lead to an unexpected process crash]
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43530 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
+CVE-2025-43529 [Malicious web content may lead to arbitrary code execution]
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43527 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-43523 (A permissions issue was addressed with additional restrictions. This i ...)
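Review bot: In the five entries added in this hunk (CVE-2025-43541, CVE-2025-43536, CVE-2025-43535, CVE-2025-43531, CVE-2025-43529), the only reference is the NOTE line pointing at WSA-2025-0010; no upstream bug or fix commit is recorded. Suggest adding a further NOTE line per CVE once the upstream references are known, so the fixed version 2.50.4-1 can be checked against a concrete change. CVE-2025-43529 is the only one described as arbitrary code execution rather than a process crash, so it is the entry to reference first.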
@@ -1772,6 +1807,13 @@ CVE-2025-43509 (This issue was addressed with improved data protection. This iss
NOT-FOR-US: Apple
CVE-2025-43506 (A logic error was addressed with improved error handling. This issue i ...)
NOT-FOR-US: Apple
+CVE-2025-43501 [Malicious web content may lead to an unexpected process crash]
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43497 (An access issue was addressed with additional sandbox restrictions. Th ...)
NOT-FOR-US: Apple
CVE-2025-43494 (A mail header parsing issue was addressed with improved checks. This i ...)
@@ -2003,6 +2045,12 @@ CVE-2025-14442 (The Secure Copy Content Protection and Content Locking plugin fo
NOT-FOR-US: WordPress plugin
CVE-2025-14174 (Out of bounds memory access in ANGLE in Google Chrome on Mac prior to ...)
- chromium <not-affected> (Only affects Chromium on MacOS)
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-14159 (The Secure Copy Content Protection and Content Locking plugin for Word ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14074 (The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for ...)
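Review bot: The CVE-2025-14174 entry now reads inconsistently: the description and the chromium line ("Only affects Chromium on MacOS") scope the issue to Chrome on Mac, while the added lines mark webkit2gtk and wpewebkit as fixed in 2.50.4-1 with only the WSA link as justification. Suggest a NOTE line stating why the WebKit ports are affected, so a later reader does not take the added lines for a mis-filed entry.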
=====================================
data/dsa-needed.txt
=====================================
@@ -84,6 +84,8 @@ tomcat10/oldstable (apo)
--
tomcat11/stable (apo)
--
+webkit2gtk (berto)
+--
wordpress/stable
--
zabbix/oldstable
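Review bot: The added line "webkit2gtk (berto)" carries no suite suffix, unlike the neighbouring entries (tomcat11/stable, wordpress/stable, zabbix/oldstable). If the update is meant for both stable and oldstable, that is fine as written; otherwise add the suite, since the data/CVE/list hunks leave webkit2gtk without any [trixie] or [bookworm] annotation and so do not say which releases are pending.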
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6453ae36bbfbf5fefbe1f6681bba1671fb7a0ebc