Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0acb0fe3 by Alberto Garcia at 2023-08-05T03:10:50+03:00 webkit2gtk / wpewebkit upstream advisory WSA-2023-0007 - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -922,11 +922,17 @@ CVE-2023-38604 (An out-of-bounds write issue was addressed with improved input v CVE-2023-38601 (This issue was addressed by removing the vulnerable code. This issue i ...) NOT-FOR-US: Apple CVE-2023-38599 (A logic issue was addressed with improved state management. This issue ...) - NOT-FOR-US: Apple + - webkit2gtk 2.40.5-1 + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38598 (A use-after-free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2023-38592 (A logic issue was addressed with improved restrictions. This issue is ...) - NOT-FOR-US: Apple + - webkit2gtk 2.40.5-1 + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38590 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2023-38571 (This issue was addressed with improved validation of symlinks. This is ...) 
@@ -1037,7 +1043,10 @@ CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to unautho CVE-2023-3451 REJECTED CVE-2023-38611 (The issue was addressed with improved memory handling. This issue is f ...) - NOT-FOR-US: Apple + - webkit2gtk 2.40.5-1 + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38608 (The issue was addressed with additional permissions checks. This issue ...) NOT-FOR-US: Apple CVE-2023-38606 (This issue was addressed with improved state management. This issue is ...) 
@@ -1047,19 +1056,34 @@ CVE-2023-38603 (The issue was addressed with improved checks. This issue is fixe CVE-2023-38602 (A permissions issue was addressed with additional restrictions. This i ...) NOT-FOR-US: Apple CVE-2023-38600 (The issue was addressed with improved checks. This issue is fixed in i ...) - NOT-FOR-US: Apple + - webkit2gtk 2.40.5-1 + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38597 (The issue was addressed with improved checks. This issue is fixed in i ...) - NOT-FOR-US: Apple + - webkit2gtk 2.40.5-1 + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38595 (The issue was addressed with improved checks. This issue is fixed in i ...) - NOT-FOR-US: Apple + - webkit2gtk 2.40.5-1 + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38594 (The issue was addressed with improved checks. This issue is fixed in i ...) - NOT-FOR-US: Apple + - webkit2gtk 2.40.5-1 + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38593 (A logic issue was addressed with improved checks. This issue is fixed ...) NOT-FOR-US: Apple CVE-2023-38580 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2023-38572 (The issue was addressed with improved checks. This issue is fixed in i ...) 
- NOT-FOR-US: Apple + - webkit2gtk 2.40.5-1 + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38565 (A path handling issue was addressed with improved validation. This iss ...) NOT-FOR-US: Apple CVE-2023-38564 (The issue was addressed with improved checks. This issue is fixed in m ...) @@ -1084,7 +1108,10 @@ CVE-2023-38258 (The issue was addressed with improved checks. This issue is fixe CVE-2023-38136 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2023-38133 (The issue was addressed with improved checks. This issue is fixed in i ...) - NOT-FOR-US: Apple + - webkit2gtk 2.40.5-1 + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-37732 (Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm ...) - yasm <unfixed> (unimportant) NOTE: https://github.com/yasm/yasm/issues/233 ===================================== data/dsa-needed.txt ===================================== @@ -92,6 +92,8 @@ thunderbird (jmm) -- tiff -- +webkit2gtk +-- wpewebkit/oldstable -- xrdp/oldstable
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0acb0fe383944b3baaa72cd20374e6f7a4d3391c
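Review bot: In data/CVE/list, the same four-line block is pasted under nine entries (CVE-2023-38599, -38592, -38611, -38600, -38597, -38595, -38594, -38572 and -38133) whose truncated descriptions ("improved checks", "improved memory handling") do not identify WebKit, so the only visible evidence for moving each one off `NOT-FOR-US: Apple` is the shared NOTE URL. Please confirm that each of the nine ids is listed in WSA-2023-0007, and consider naming the CVE set in the commit message so the reclassification can be audited without opening the link. Neighbouring entries such as CVE-2023-38598 and CVE-2023-38593 stay NOT-FOR-US, so a block pasted one entry off would not stand out from the diff context alone.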
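Review bot: The added `webkit2gtk` line in data/dsa-needed.txt (hunk @@ -92,6 +92,8) carries no suite suffix, unlike the adjacent `wpewebkit/oldstable` and `xrdp/oldstable`, so it reads as needing a DSA for every supported suite. That is consistent with the CVE list, where webkit2gtk gets only `- webkit2gtk 2.40.5-1` and no per-suite line, but if only some suites are meant to be updated the entry should say so. The existing `wpewebkit/oldstable` line already agrees with the new `[bookworm] - wpewebkit <ignored>` annotations, so no wpewebkit entry for stable is needed here.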