Alberto Garcia pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dcfe145f by Alberto Garcia at 2022-04-08T16:31:06+02:00
webkit2gtk / wpewebkit upstream advisory WSA-2022-0004
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18345,8 +18345,12 @@ CVE-2022-22639 (A logic issue was addressed with
improved state management. This
NOT-FOR-US: Apple
CVE-2022-22638 (A null pointer dereference was addressed with improved
validation. Thi ...)
NOT-FOR-US: Apple
-CVE-2022-22637
+CVE-2022-22637 [A logic issue was addressed with improved state management]
RESERVED
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
CVE-2022-22636 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
NOT-FOR-US: Apple
CVE-2022-22635 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
@@ -18361,18 +18365,30 @@ CVE-2022-22631 (An out-of-bounds write issue was
addressed with improved bounds
NOT-FOR-US: Apple
CVE-2022-22630
RESERVED
-CVE-2022-22629
+CVE-2022-22629 [A buffer overflow issue was addressed with improved memory
handling]
RESERVED
-CVE-2022-22628
+ - webkit2gtk 2.36.0-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ - wpewebkit 2.36.0-2
+ NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
+CVE-2022-22628 [A use after free issue was addressed with improved memory
management]
RESERVED
+ - webkit2gtk 2.36.0-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ - wpewebkit 2.36.0-2
+ NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
CVE-2022-22627 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
CVE-2022-22626 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
CVE-2022-22625 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
-CVE-2022-22624
+CVE-2022-22624 [A use after free issue was addressed with improved memory
management]
RESERVED
+ - webkit2gtk 2.36.0-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ - wpewebkit 2.36.0-2
+ NOTE: https://webkitgtk.org/security/WSA-2022-0004.html
CVE-2022-22623 (Multiple issues were addressed by updating to curl version
7.79.1. Thi ...)
NOT-FOR-US: Apple
CVE-2022-22622 (This issue was addressed with improved checks. This issue is
fixed in ...)
=====================================
data/DSA/list
=====================================
@@ -197,10 +197,10 @@
[buster] - nss 2:3.42.1-1+deb10u5
[bullseye] - nss 2:3.61-1+deb11u2
[25 Jan 2022] DSA-5061-1 wpewebkit - security update
- {CVE-2022-22594 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951
CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984}
+ {CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952
CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2022-22594 CVE-2022-22637}
[bullseye] - wpewebkit 2.34.4-1~deb11u1
[25 Jan 2022] DSA-5060-1 webkit2gtk - security update
- {CVE-2022-22594 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951
CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984}
+ {CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952
CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2022-22594 CVE-2022-22637}
[buster] - webkit2gtk 2.34.4-1~deb10u1
[bullseye] - webkit2gtk 2.34.4-1~deb11u1
[25 Jan 2022] DSA-5059-1 policykit-1 - security update
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcfe145f41bba1403a45780c866f315df4a92ecb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcfe145f41bba1403a45780c866f315df4a92ecb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
