Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0acb0fe3 by Alberto Garcia at 2023-08-05T03:10:50+03:00
webkit2gtk / wpewebkit upstream advisory WSA-2023-0007

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -922,11 +922,17 @@ CVE-2023-38604 (An out-of-bounds write issue was 
addressed with improved input v
 CVE-2023-38601 (This issue was addressed by removing the vulnerable code. This 
issue i ...)
        NOT-FOR-US: Apple
 CVE-2023-38599 (A logic issue was addressed with improved state management. 
This issue ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.40.5-1
+       - wpewebkit 2.40.5-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38598 (A use-after-free issue was addressed with improved memory 
management.  ...)
        NOT-FOR-US: Apple
 CVE-2023-38592 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.40.5-1
+       - wpewebkit 2.40.5-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38590 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
        NOT-FOR-US: Apple
 CVE-2023-38571 (This issue was addressed with improved validation of symlinks. 
This is ...)
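
Review bot: The NOTE lines added under CVE-2023-38599 and CVE-2023-38592 cite only the WSA-2023-0007 advisory page, so the entries carry no upstream bug or commit reference for anyone backporting the fix to a stable suite. If upstream references are available, add them as further NOTE lines next to the advisory link.
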
@@ -1037,7 +1043,10 @@ CVE-2023-3956 (The InstaWP Connect plugin for WordPress 
is vulnerable to unautho
 CVE-2023-3451
        REJECTED
 CVE-2023-38611 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.40.5-1
+       - wpewebkit 2.40.5-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38608 (The issue was addressed with additional permissions checks. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2023-38606 (This issue was addressed with improved state management. This 
issue is ...)
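
Review bot: Under CVE-2023-38611 the wpewebkit block has a "[bookworm] - wpewebkit <ignored>" line but no line for oldstable, so oldstable stays open for wpewebkit while bookworm is waived. The unchanged "wpewebkit/oldstable" entry in data/dsa-needed.txt suggests that is intended; worth confirming, since the same block is repeated for every CVE in this commit.
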
@@ -1047,19 +1056,34 @@ CVE-2023-38603 (The issue was addressed with improved 
checks. This issue is fixe
 CVE-2023-38602 (A permissions issue was addressed with additional 
restrictions. This i ...)
        NOT-FOR-US: Apple
 CVE-2023-38600 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.40.5-1
+       - wpewebkit 2.40.5-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38597 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.40.5-1
+       - wpewebkit 2.40.5-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38595 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.40.5-1
+       - wpewebkit 2.40.5-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38594 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.40.5-1
+       - wpewebkit 2.40.5-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38593 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
        NOT-FOR-US: Apple
 CVE-2023-38580 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2023-38572 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.40.5-1
+       - wpewebkit 2.40.5-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-38565 (A path handling issue was addressed with improved validation. 
This iss ...)
        NOT-FOR-US: Apple
 CVE-2023-38564 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
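
Review bot: In this hunk the five reclassified entries and the neighbours left at "NOT-FOR-US: Apple" (CVE-2023-38602, CVE-2023-38593, CVE-2023-38580, CVE-2023-38565) share near-identical truncated descriptions such as "The issue was addressed with improved checks", so the split cannot be checked from the list itself. Please confirm that the changed set matches the CVE list in WSA-2023-0007 exactly and that none of the entries left as Apple-only here are WebKit issues.
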
@@ -1084,7 +1108,10 @@ CVE-2023-38258 (The issue was addressed with improved 
checks. This issue is fixe
 CVE-2023-38136 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2023-38133 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.40.5-1
+       - wpewebkit 2.40.5-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
 CVE-2023-37732 (Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in 
/libyasm ...)
        - yasm <unfixed> (unimportant)
        NOTE: https://github.com/yasm/yasm/issues/233


=====================================
data/dsa-needed.txt
=====================================
@@ -92,6 +92,8 @@ thunderbird (jmm)
 --
 tiff
 --
+webkit2gtk
+--
 wpewebkit/oldstable
 --
 xrdp/oldstable
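
Review bot: The new "webkit2gtk" entry has no claimant, unlike "thunderbird (jmm)" above it, and no suite suffix, unlike "wpewebkit/oldstable" below it, so it reads as an update needed for both stable and oldstable with nobody assigned. If someone is already preparing the upload, add their name in parentheses on that line.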



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0acb0fe383944b3baaa72cd20374e6f7a4d3391c
