[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2025-0001
Alberto Garcia (@berto)
berto at debian.org
Sun Feb 9 16:28:41 GMT 2025
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eabff502 by Alberto Garcia at 2025-02-09T17:28:01+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2025-0001
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2534,7 +2534,11 @@ CVE-2025-24166
CVE-2025-24163 (The issue was addressed with improved checks. This issue is fixed in i ...)
NOT-FOR-US: Apple
CVE-2025-24162 (This issue was addressed through improved state management. This issue ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.46.6-1
+ - wpewebkit 2.46.6-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
CVE-2025-24161 (The issue was addressed with improved checks. This issue is fixed in i ...)
NOT-FOR-US: Apple
CVE-2025-24160 (The issue was addressed with improved checks. This issue is fixed in i ...)
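Review bot: on the CVE-2025-24162 entry, the webkit2gtk line records only the unstable fixed version 2.46.6-1, and none of the data/DSA/list hunks in this commit attaches this CVE to an advisory, so nothing here records a bookworm fix for webkit2gtk. The same applies to the other entries marked 2.46.6-1 in this patch (CVE-2025-24158, CVE-2025-24150, CVE-2025-24143). Please confirm that a follow-up will add the DSA reference once the stable update is released.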
@@ -2542,7 +2546,11 @@ CVE-2025-24160 (The issue was addressed with improved checks. This issue is fixe
CVE-2025-24159 (A validation issue was addressed with improved logic. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2025-24158 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.46.6-1
+ - wpewebkit 2.46.6-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
CVE-2025-24156 (An integer overflow was addressed through improved input validation. T ...)
NOT-FOR-US: Apple
CVE-2025-24154 (An out-of-bounds write was addressed with improved input validation. T ...)
@@ -2554,7 +2562,11 @@ CVE-2025-24152 (The issue was addressed with improved memory handling. This issu
CVE-2025-24151 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2025-24150 (A privacy issue was addressed with improved handling of files. This is ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.46.6-1
+ - wpewebkit 2.46.6-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
CVE-2025-24149 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
CVE-2025-24146 (This issue was addressed with improved redaction of sensitive informat ...)
@@ -2562,7 +2574,11 @@ CVE-2025-24146 (This issue was addressed with improved redaction of sensitive in
CVE-2025-24145 (A privacy issue was addressed with improved private data redaction for ...)
NOT-FOR-US: Apple
CVE-2025-24143 (The issue was addressed with improved access restrictions to the file ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.46.6-1
+ - wpewebkit 2.46.6-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
CVE-2025-24141 (An authentication issue was addressed with improved state management. ...)
NOT-FOR-US: Apple
CVE-2025-24140 (This issue was addressed through improved state management. This issue ...)
@@ -2689,7 +2705,11 @@ CVE-2024-54549 (This issue was addressed with improved redaction of sensitive in
CVE-2024-54547 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2024-54543 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.46.5-1
+ - wpewebkit 2.46.5-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
CVE-2024-54542 (An authentication issue was addressed with improved state management. ...)
NOT-FOR-US: Apple
CVE-2024-54541 (This issue was addressed through improved state management. This issue ...)
@@ -5890,6 +5910,12 @@ CVE-2024-55511 (A null pointer dereference vulnerability in Macrium Reflect prio
NOT-FOR-US: Macrium Reflect
CVE-2024-54660 (A JNDI injection issue was discovered in Cloudera JDBC Connector for H ...)
NOT-FOR-US: Cloudera JDBC Connector for Haadoop
+CVE-2024-54658 [Processing web content may lead to a denial-of-service]
+ - webkit2gtk 2.44.0-1
+ - wpewebkit 2.44.1-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
CVE-2024-53553 (An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attack ...)
NOT-FOR-US: OPEXUS
CVE-2024-52363 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
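Review bot: the new CVE-2024-54658 entry gives different fixed versions for the two packages (webkit2gtk 2.44.0-1 but wpewebkit 2.44.1-1) without saying why. If the difference is intentional, a short NOTE line explaining it would keep a later reader from treating it as a typo; otherwise align the two versions. Every other entry touched by this patch uses the same version for both packages.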
@@ -6676,7 +6702,11 @@ CVE-2024-36476 (In the Linux kernel, the following vulnerability has been resolv
CVE-2024-35280 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2024-27856 (The issue was addressed with improved checks. This issue is fixed in m ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.46.0-1
+ - wpewebkit 2.46.0-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
CVE-2024-13351 (The Social proof testimonials and reviews by Repuso plugin for WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13215 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sen ...)
=====================================
data/DSA/list
=====================================
@@ -79,7 +79,7 @@
{CVE-2023-28746 CVE-2023-46841 CVE-2023-46842 CVE-2024-2193 CVE-2024-2201 CVE-2024-31142 CVE-2024-31143 CVE-2024-31145 CVE-2024-31146 CVE-2024-45817 CVE-2024-45818 CVE-2024-45819}
[bookworm] - xen 4.17.5+23-ga4e5191dc0-1
[25 Dec 2024] DSA-5835-1 webkit2gtk - security update
- {CVE-2024-54479 CVE-2024-54502 CVE-2024-54505 CVE-2024-54508}
+ {CVE-2024-54479 CVE-2024-54502 CVE-2024-54505 CVE-2024-54508 CVE-2024-54543}
[bookworm] - webkit2gtk 2.46.5-1~deb12u1
[20 Dec 2024] DSA-5834-1 chromium - security update
{CVE-2024-12692 CVE-2024-12693 CVE-2024-12694 CVE-2024-12695}
@@ -212,7 +212,7 @@
{CVE-2024-9954 CVE-2024-9955 CVE-2024-9956 CVE-2024-9957 CVE-2024-9958 CVE-2024-9959 CVE-2024-9960 CVE-2024-9961 CVE-2024-9962 CVE-2024-9963 CVE-2024-9964 CVE-2024-9965 CVE-2024-9966}
[bookworm] - chromium 130.0.6723.58-1~deb12u1
[14 Oct 2024] DSA-5792-1 webkit2gtk - security update
- {CVE-2024-40866 CVE-2024-44185 CVE-2024-44187 CVE-2024-54534}
+ {CVE-2024-40866 CVE-2024-44185 CVE-2024-44187 CVE-2024-54534 CVE-2024-27856}
[bookworm] - webkit2gtk 2.46.0-2~deb12u1
[13 Oct 2024] DSA-5791-1 python-reportlab - security update
{CVE-2023-33733}
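Review bot: in the DSA-5792-1 list, CVE-2024-27856 is appended after CVE-2024-54534, which breaks the ascending order the existing IDs follow (CVE-2024-40866, CVE-2024-44185, CVE-2024-44187, CVE-2024-54534). Suggest placing it first in the braces so the list stays sorted, as the additions to DSA-5835-1 and DSA-5684-1 in this patch do.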
@@ -580,7 +580,7 @@
[bullseye] - wordpress 5.7.11+dfsg1-0+deb11u1
[bookworm] - wordpress 6.1.6+dfsg1-0+deb12u1
[09 May 2024] DSA-5684-1 webkit2gtk - security update
- {CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23254 CVE-2024-23263 CVE-2024-23280 CVE-2024-23284}
+ {CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23254 CVE-2024-23263 CVE-2024-23280 CVE-2024-23284 CVE-2024-54658}
[bullseye] - webkit2gtk 2.44.1-1~deb11u1
[bookworm] - webkit2gtk 2.44.1-1~deb12u1
[08 May 2024] DSA-5683-1 chromium - security update
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eabff502183d9f7c5c8ba13b192dcac17e971b55