[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2025-0002
Alberto Garcia (@berto)
berto at debian.org
Thu Mar 20 12:47:35 GMT 2025
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10f2d402 by Alberto Garcia at 2025-03-20T13:46:49+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2025-0002
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1976,7 +1976,11 @@ CVE-2025-24431 (Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428
NOT-FOR-US: Adobe
CVE-2025-24201 (An out-of-bounds write issue was addressed with improved checks to pre ...)
{DSA-5877-1}
- NOT-FOR-US: Apple
+ - webkit2gtk 2.48.0-1
+ - wpewebkit 2.48.0-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0002.html
CVE-2025-24084 (Untrusted pointer dereference in Windows Subsystem for Linux allows an ...)
NOT-FOR-US: Microsoft
CVE-2025-24083 (Untrusted pointer dereference in Microsoft Office allows an unauthoriz ...)
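Review bot: the CVE-2025-24201 entry keeps its {DSA-5877-1} cross-reference, but after this change the only packages it lists are webkit2gtk and wpewebkit. The DSA reference was already there while the entry was still marked NOT-FOR-US: Apple, so it presumably belongs to a different source package. Please check which package DSA-5877-1 covers and add its package line to this entry, so the cross-reference does not point at a package the entry never names.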
@@ -2451,7 +2455,11 @@ CVE-2024-54473 (This issue was addressed with improved redaction of sensitive in
CVE-2024-54469 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2024-54467 (A cookie management issue was addressed with improved state management ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.48.0-1
+ - wpewebkit 2.48.0-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0002.html
CVE-2024-54463 (This issue was addressed with improved entitlements. This issue is fix ...)
NOT-FOR-US: Apple
CVE-2024-53307 (A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpo ...)
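Review bot: the fixed version on the webkit2gtk and wpewebkit lines for CVE-2024-54467 is 2.48.0-1, the same value used for the 2025 CVE in the first hunk. For a CVE assigned in 2024 it is worth checking the per-CVE affected versions in WSA-2025-0002 before recording the newest upload as the first fixed one. If an earlier release already carried the fix, the tracker would otherwise report intermediate versions as vulnerable.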
@@ -2465,7 +2473,11 @@ CVE-2024-47109 (IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 th
CVE-2024-44227 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2024-44192 (The issue was addressed with improved checks. This issue is fixed in w ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.48.0-1
+ - wpewebkit 2.48.0-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0002.html
CVE-2024-44179 (This issue was addressed by restricting options offered on a locked de ...)
NOT-FOR-US: Apple
CVE-2024-13919 (The Laravel framework versions between 11.9.0 and 11.35.1 are suscepti ...)
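Review bot: in the CVE-2024-44192 entry wpewebkit is explicitly <ignored> for bookworm and bullseye, but the webkit2gtk line carries no release-specific annotation. If webkit2gtk in those releases is to be handled by a later security upload, this is fine as it stands. Otherwise please confirm that leaving them open is intended rather than an omission.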
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10f2d40258f0d426b78b1779f64328eccc9c5b67