Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits: dcfe145f by Alberto Garcia at 2022-04-08T16:31:06+02:00 webkit2gtk / wpewebkit upstream advisory WSA-2022-0004 - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: ===================================== data/CVE/list ===================================== @@ -18345,8 +18345,12 @@ CVE-2022-22639 (A logic issue was addressed with improved state management. This NOT-FOR-US: Apple CVE-2022-22638 (A null pointer dereference was addressed with improved validation. Thi ...) NOT-FOR-US: Apple -CVE-2022-22637 +CVE-2022-22637 [A logic issue was addressed with improved state management] RESERVED + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0004.html CVE-2022-22636 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2022-22635 (An out-of-bounds write issue was addressed with improved bounds checki ...) @@ -18361,18 +18365,30 @@ CVE-2022-22631 (An out-of-bounds write issue was addressed with improved bounds NOT-FOR-US: Apple CVE-2022-22630 RESERVED -CVE-2022-22629 +CVE-2022-22629 [A buffer overflow issue was addressed with improved memory handling] RESERVED -CVE-2022-22628 + - webkit2gtk 2.36.0-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.36.0-2 + NOTE: https://webkitgtk.org/security/WSA-2022-0004.html +CVE-2022-22628 [A use after free issue was addressed with improved memory management] RESERVED + - webkit2gtk 2.36.0-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.36.0-2 + NOTE: https://webkitgtk.org/security/WSA-2022-0004.html CVE-2022-22627 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2022-22626 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2022-22625 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple -CVE-2022-22624 +CVE-2022-22624 [A use after free issue was addressed with improved memory management] RESERVED + - webkit2gtk 2.36.0-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.36.0-2 + NOTE: https://webkitgtk.org/security/WSA-2022-0004.html CVE-2022-22623 (Multiple issues were addressed by updating to curl version 7.79.1. Thi ...) NOT-FOR-US: Apple CVE-2022-22622 (This issue was addressed with improved checks. This issue is fixed in ...) ===================================== data/DSA/list ===================================== @@ -197,10 +197,10 @@ [buster] - nss 2:3.42.1-1+deb10u5 [bullseye] - nss 2:3.61-1+deb11u2 [25 Jan 2022] DSA-5061-1 wpewebkit - security update - {CVE-2022-22594 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984} + {CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2022-22594 CVE-2022-22637} [bullseye] - wpewebkit 2.34.4-1~deb11u1 [25 Jan 2022] DSA-5060-1 webkit2gtk - security update - {CVE-2022-22594 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984} + {CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2022-22594 CVE-2022-22637} [buster] - webkit2gtk 2.34.4-1~deb10u1 [bullseye] - webkit2gtk 2.34.4-1~deb11u1 [25 Jan 2022] DSA-5059-1 policykit-1 - security update View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcfe145f41bba1403a45780c866f315df4a92ecb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcfe145f41bba1403a45780c866f315df4a92ecb You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits