wpewebkit upstream advisory WSA-2023-0008

Alberto Garcia (@berto) Mon, 11 Sep 2023 09:27:19 -0700


Alberto Garcia pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b5a5976e by Alberto Garcia at 2023-09-11T18:26:27+02:00
webkit2gtk / wpewebkit upstream advisory WSA-2023-0008

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -212,7 +212,10 @@ CVE-2023-41053 (Redis is an in-memory database that 
persists on disk. Redis does
        NOTE: Fixed by: 
https://github.com/redis/redis/commit/0f14d3279212e1b262869b6160db87d6f117cff5 
(7.0.13)
        NOTE: 
https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc
 CVE-2023-40397 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.40.5-1
+       - wpewebkit 2.40.5-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0008.html
 CVE-2023-40392 (A privacy issue was addressed with improved private data 
redaction for ...)
        NOT-FOR-US: Apple
 CVE-2023-39967 (WireMock is a tool for mocking HTTP services. When certain 
request URL ...)
@@ -431,7 +434,10 @@ CVE-2023-32425 (The issue was addressed with improved 
memory handling. This issu
 CVE-2023-32379 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
        NOT-FOR-US: Apple
 CVE-2023-32370 (A logic issue was addressed with improved validation. This 
issue is fi ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.40.1-1
+       - wpewebkit 2.40.2-2
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0008.html
 CVE-2023-32362 (Error handling was changed to not reveal sensitive 
information. This i ...)
        NOT-FOR-US: Apple
 CVE-2023-32356 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
@@ -25311,7 +25317,10 @@ CVE-2023-28200 (A validation issue was addressed with 
improved input sanitizatio
 CVE-2023-28199 (An out-of-bounds read issue existed that led to the disclosure 
of kern ...)
        NOT-FOR-US: Apple
 CVE-2023-28198 (A use-after-free issue was addressed with improved memory 
management.  ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.40.1-1
+       - wpewebkit 2.40.2-2
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0008.html
 CVE-2023-28197
        RESERVED
 CVE-2023-28196


=====================================
data/DSA/list
=====================================
@@ -98,7 +98,7 @@
        [bullseye] - thunderbird 1:102.14.0-1~deb11u1
        [bookworm] - thunderbird 1:102.14.0-1~deb12u1
 [05 Aug 2023] DSA-5468-1 webkit2gtk - security update
-       {CVE-2023-38133 CVE-2023-38572 CVE-2023-38592 CVE-2023-38594 
CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600 CVE-2023-38611}
+       {CVE-2023-38133 CVE-2023-38572 CVE-2023-38592 CVE-2023-38594 
CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600 CVE-2023-38611 
CVE-2023-40397}
        [bullseye] - webkit2gtk 2.40.5-1~deb11u1
        [bookworm] - webkit2gtk 2.40.5-1~deb12u1
 [04 Aug 2023] DSA-5467-1 chromium - security update
@@ -345,7 +345,7 @@
        {CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 
CVE-2023-28205}
        [bullseye] - wpewebkit 2.38.6-1~deb11u1
 [03 May 2023] DSA-5396-1 webkit2gtk - security update
-       {CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 
CVE-2023-28205 CVE-2023-32393 CVE-2023-32435}
+       {CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954 
CVE-2023-28205 CVE-2023-32393 CVE-2023-32435 CVE-2023-28198 CVE-2023-32370}
        [bullseye] - webkit2gtk 2.40.1-1~deb11u1
 [02 May 2023] DSA-5395-1 nodejs - security update
        {CVE-2023-23920}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5a5976e3de0d1e7126d124b2150f8752f62a54a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5a5976e3de0d1e7126d124b2150f8752f62a54a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2023-0008

Reply via email to