[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2026-0002
Alberto Garcia (@berto)
berto at debian.org
Fri Mar 27 23:34:57 GMT 2026
Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b8fa4479 by Alberto Garcia at 2026-03-28T00:34:38+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2026-0002
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2039,7 +2039,13 @@ CVE-2026-28875 (A buffer overflow was addressed with improved bounds checking. T
CVE-2026-28874 (The issue was addressed with improved checks. This issue is fixed in i ...)
NOT-FOR-US: Apple
CVE-2026-28871 (A logic issue was addressed with improved checks. This issue is fixed ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.52.1-1
+ [bookworm] - webkit2gtk <end-of-life> (webkit2gtk >= 2.52 can no longer be backported)
+ - wpewebkit 2.52.1-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2026-0002.html
CVE-2026-28870 (An information leakage was addressed with additional validation. This ...)
NOT-FOR-US: Apple
CVE-2026-28868 (A logging issue was addressed with improved data redaction. This issue ...)
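Review bot: In the CVE-2026-28871 entry, webkit2gtk gets only a "[bookworm]" annotation while wpewebkit gets "[trixie]", "[bookworm]" and "[bullseye]" lines. With "- webkit2gtk 2.52.1-1" as the fixed version and no suite line for trixie, trixie will be tracked as vulnerable until a fixed upload reaches it. Please confirm that this is intended (a security upload is planned) and that no "[bullseye]" line is needed for webkit2gtk.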
@@ -2057,13 +2063,31 @@ CVE-2026-28863 (A permissions issue was addressed with additional restrictions.
CVE-2026-28862 (A privacy issue was addressed with improved private data redaction for ...)
NOT-FOR-US: Apple
CVE-2026-28861 (A logic issue was addressed with improved state management. This issue ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.52.1-1
+ [bookworm] - webkit2gtk <end-of-life> (webkit2gtk >= 2.52 can no longer be backported)
+ - wpewebkit 2.52.1-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2026-0002.html
CVE-2026-28859 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.52.1-1
+ [bookworm] - webkit2gtk <end-of-life> (webkit2gtk >= 2.52 can no longer be backported)
+ - wpewebkit 2.52.1-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2026-0002.html
CVE-2026-28858 (A buffer overflow was addressed with improved bounds checking. This is ...)
NOT-FOR-US: Apple
CVE-2026-28857 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.52.1-1
+ [bookworm] - webkit2gtk <end-of-life> (webkit2gtk >= 2.52 can no longer be backported)
+ - wpewebkit 2.52.1-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2026-0002.html
CVE-2026-28856 (The issue was addressed with improved authentication. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2026-28855 (A permissions issue was addressed with additional restrictions. This i ...)
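Review bot: The "[bookworm] - webkit2gtk <end-of-life>" lines added for CVE-2026-28861, CVE-2026-28859 and CVE-2026-28857 justify the status only with free text, "(webkit2gtk >= 2.52 can no longer be backported)", whereas the bullseye wpewebkit line points at "#1035997". Consider adding a bug number or announcement link to the reason so the end-of-life decision can be traced from the entry itself.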
@@ -2155,7 +2179,13 @@ CVE-2026-20693 (This issue was addressed through improved state management. This
CVE-2026-20692 (A privacy issue was addressed with improved handling of user preferenc ...)
NOT-FOR-US: Apple
CVE-2026-20691 (An authorization issue was addressed with improved state management. T ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.52.1-1
+ [bookworm] - webkit2gtk <end-of-life> (webkit2gtk >= 2.52 can no longer be backported)
+ - wpewebkit 2.52.1-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2026-0002.html
CVE-2026-20690 (An out-of-bounds access issue was addressed with improved bounds check ...)
NOT-FOR-US: Apple
CVE-2026-20688 (A path handling issue was addressed with improved validation. This iss ...)
@@ -2171,9 +2201,21 @@ CVE-2026-20670 (An authorization issue was addressed with improved state managem
CVE-2026-20668 (A logging issue was addressed with improved data redaction. This issue ...)
NOT-FOR-US: Apple
CVE-2026-20665 (This issue was addressed through improved state management. This issue ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.52.1-1
+ [bookworm] - webkit2gtk <end-of-life> (webkit2gtk >= 2.52 can no longer be backported)
+ - wpewebkit 2.52.1-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2026-0002.html
CVE-2026-20664 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.52.1-1
+ [bookworm] - webkit2gtk <end-of-life> (webkit2gtk >= 2.52 can no longer be backported)
+ - wpewebkit 2.52.1-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2026-0002.html
CVE-2026-20657 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2026-20651 (A privacy issue was addressed with improved handling of temporary file ...)
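Review bot: CVE-2026-20665 and CVE-2026-20664 both record "2.52.1-1" as the fixed version for webkit2gtk and wpewebkit, the same version used for every other CVE in this commit. It is worth checking each CVE against the fixed versions listed in WSA-2026-0002. If any was already fixed in an earlier upload, recording that earlier version avoids flagging versions that already contain the fix.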
@@ -5965,7 +6007,13 @@ CVE-2026-22168 (OpenClaw versions prior to 2026.2.21 contain an approval-integri
CVE-2026-21994 (Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Vis ...)
NOT-FOR-US: Oracle
CVE-2026-20643 (A cross-origin issue in the Navigation API was addressed with improved ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.52.1-1
+ [bookworm] - webkit2gtk <end-of-life> (webkit2gtk >= 2.52 can no longer be backported)
+ - wpewebkit 2.52.1-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2026-0002.html
CVE-2026-1926 (The Subscriptions for WooCommerce plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1780 (The [CR]Paid Link Manager plugin for WordPress is vulnerable to Reflec ...)
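Review bot: For CVE-2026-20643, bookworm is marked "<end-of-life>" for webkit2gtk but "<ignored>" for wpewebkit, and wpewebkit itself mixes "<ignored>" (trixie, bookworm) with "<end-of-life>" (bullseye). If the distinction is deliberate, a short comment saying so would help. Otherwise use one tag for the case where no fix will be provided in a suite, so that queries on either status return a consistent set.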
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8fa447933e0542b0d43c3c2ede80d28ece1c7e7