Re: [blfs-book] [BLFS Trac] #14641: WebKitGTK-2.30.5

Mon, 15 Feb 2021 08:38:51 -0800 

#14641: WebKitGTK-2.30.5
-------------------------+---------------------
 Reporter:  renodr       |       Owner:  renodr
     Type:  enhancement  |      Status:  closed
 Priority:  high         |   Milestone:  10.1
Component:  BOOK         |     Version:  SVN
 Severity:  normal       |  Resolution:  fixed
 Keywords:               |
-------------------------+---------------------
Changes (by renodr):

 * priority:  normal => high


Comment:

 WSA-2021-0001 has been issued for CVE-2020-13558

 I'll go write a Security Advisory shortly.

 {{{
 ------------------------------------------------------------------------
 WebKitGTK and WPE WebKit Security Advisory                 WSA-2021-0001
 ------------------------------------------------------------------------

 Date reported           : February 15, 2021
 Advisory ID             : WSA-2021-0001
 WebKitGTK Advisory URL  :
 https://webkitgtk.org/security/WSA-2021-0001.html
 WPE WebKit Advisory URL :
 https://wpewebkit.org/security/WSA-2021-0001.html
 CVE identifiers         : CVE-2020-13558.

 Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

 CVE-2020-13558
     Versions affected: WebKitGTK before 2.30.5 and WPE WebKit before
 2.30.5.
     Credit to Marcin 'Icewall' Noga of Cisco Talos.
     Impact: Processing maliciously crafted web content may lead to
     arbitrary code execution. Description: An use after free issue in
     the AudioSourceProviderGStreamer class was addressed with improved
     memory management.


 We recommend updating to the latest stable versions of WebKitGTK and WPE
 WebKit. It is the best way to ensure that you are running safe versions
 of WebKit. Please check our websites for information about the latest
 stable releases.

 Further information about WebKitGTK and WPE WebKit security advisories
 can be found at: https://webkitgtk.org/security.html or
 https://wpewebkit.org/security/.

 The WebKitGTK and WPE WebKit team,
 February 15, 2021
 }}}

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14641#comment:4>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to