Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker
Commits:
076610c1 by Alberto Garcia at 2025-09-23T17:46:33+02:00
webkit2gtk / wpewebkit upstream advisory WSA-2025-0006
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3830,7 +3830,10 @@ CVE-2025-43370 (A path handling issue was addressed with
improved validation. Th
CVE-2025-43369 (This issue was addressed with improved handling of symlinks.
This issu ...)
NOT-FOR-US: Apple
CVE-2025-43368 (A use-after-free issue was addressed with improved memory
management. ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.0-1
+ - wpewebkit 2.50.0-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0006.html
CVE-2025-43367 (A privacy issue was addressed by moving sensitive data. This
issue is ...)
NOT-FOR-US: Apple
CVE-2025-43366 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
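Review bot: In the CVE-2025-43368 entry the only per-suite annotation is "[bookworm] - wpewebkit <ignored>", so every other suite that ships wpewebkit below 2.50.0-1 will be reported as vulnerable. If any other suite carries wpewebkit without security support, it needs its own <ignored> line with the same reason; if that is not the case, the entry is complete as written. The same applies to the three identical blocks later in this file.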
@@ -3844,7 +3847,10 @@ CVE-2025-43358 (A permissions issue was addressed with
additional sandbox restri
CVE-2025-43357 (This issue was addressed with improved redaction of sensitive
informat ...)
NOT-FOR-US: Apple
CVE-2025-43356 (The issue was addressed with improved handling of caches. This
issue i ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.0-1
+ - wpewebkit 2.50.0-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0006.html
CVE-2025-43355 (A type confusion issue was addressed with improved memory
handling. Th ...)
NOT-FOR-US: Apple
CVE-2025-43354 (A logging issue was addressed with improved data redaction.
This issue ...)
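Review bot: Both "- webkit2gtk 2.50.0-1" and "- wpewebkit 2.50.0-1" under CVE-2025-43356 use the same fixed version, and the tracker treats everything below it as affected. Please confirm against the advisory linked in the NOTE that 2.50.0 is the first upstream release carrying this fix; if the advisory names an earlier fixed release that was uploaded to Debian, the version here should be that earlier upload so that already-fixed packages are not flagged.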
@@ -3862,7 +3868,10 @@ CVE-2025-43344 (An out-of-bounds access issue was
addressed with improved bounds
CVE-2025-43343 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2025-43342 (A correctness issue was addressed with improved checks. This
issue is ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.0-1
+ - wpewebkit 2.50.0-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0006.html
CVE-2025-43341 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-43340 (A permissions issue was addressed with additional
restrictions. This i ...)
@@ -3948,7 +3957,10 @@ CVE-2025-43283 (An out-of-bounds read was addressed with
improved bounds checkin
CVE-2025-43279 (A privacy issue was addressed with improved private data
redaction for ...)
NOT-FOR-US: Apple
CVE-2025-43272 (The issue was addressed with improved memory handling. This
issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.50.0-1
+ - wpewebkit 2.50.0-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0006.html
CVE-2025-43263 (The issue was addressed with improved checks. This issue is
fixed in X ...)
NOT-FOR-US: Apple
CVE-2025-43262 (A permissions issue was addressed with additional
restrictions. This i ...)
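Review bot: CVE-2025-43272 sits well outside the id range of the other three entries changed in this commit (CVE-2025-43342, CVE-2025-43356, CVE-2025-43368), so it is worth a second look that the id was copied correctly from WSA-2025-0006 and that the NOT-FOR-US line was replaced under the intended entry rather than a neighbour.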
=====================================
data/dsa-needed.txt
=====================================
@@ -74,6 +74,8 @@ tomcat10/oldstable
--
tomcat11/stable
--
+webkit2gtk (berto)
+--
wordpress
Utkarsh Gupta proposed a debdiff to review.
--
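Review bot: The new "webkit2gtk (berto)" line has no suite suffix, unlike "tomcat10/oldstable" and "tomcat11/stable" directly above it. If the update is planned for one suite only, add the suffix so the claim is unambiguous; if every supported suite is meant, the entry is fine as is. Leaving wpewebkit out of this file is consistent with the <ignored> annotation for bookworm in data/CVE/list, but only if no other suite expects a wpewebkit update.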
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/076610c1ac651d3e4a24150f353fb5918406237e
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits