-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5762-1 secur...@debian.org https://www.debian.org/security/ Alberto Garcia August 30, 2024 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : webkit2gtk CVE ID : CVE-2024-4558 CVE-2024-40776 CVE-2024-40779 CVE-2024-40780 CVE-2024-40782 CVE-2024-40785 CVE-2024-40789 CVE-2024-40794 The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-4558 An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-40776 Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-40779 Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-40780 Huang Xilin dicovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-40782 Maksymilian Motyl discovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-40785 Johan Carlsson discovered that processing maliciously crafted web content may lead to a cross site scripting attack. CVE-2024-40789 Seunghyun Lee discovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-40794 Matthew Butler discovered that private Browsing tabs may be accessed without authentication. For the stable distribution (bookworm), these problems have been fixed in version 2.44.3-1~deb12u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmbR5W8ACgkQAAyEYu0C 2ALznQ//bOsY+Xe6T18/q0zsHnyvCV/jxwfjrCUF+OVlulP5LJlrD6uQBdqMr5Jk 9cRcS+qxc/lnqOGU12+MSc2tfvn9XSl5dqZFTHxCH4ztWDjNBzxKrHk82RIkAQ9p UVzrslRIVrZKlqbeBOCIlJSzc6GEJi5Msxy/4lnSbQ380WGfWQ26mplmgnLQgOL1 OIInHO8VAonPU2I4v4G+BZA1lEKOsoJqXxdg8hsgyBiP4CDcxrpeN6SrPMARUObX CAsj+jsm4v8Bj7Wd8KvV4W3H137YmyrjPghWQwgmvyf+rvR1JjDwcXBTuAPv4HTC FQAFbVLoeQSLSpMO3b2oQ0s9f8o93/gbc4n7WyTYac/6IzxT/oH9uKwQABzWBg6C qcUBgJ1Z7rx9/PgQjWeT7uZdJkT7o7Eux2wtzud82jTM5goOCCqpZo93D35txiIu sRMoCaszdH65TJxLjPrJFargLw7x2kN0RJUAK167tnEsX56TWIGF+K7BQAr1YpS1 mf3+2VC632yp5MXoejBsGDE4bH1OlgKF8xEs13V2LTb3w1ursC046LcOHLURIwX1 +Cw49Pe6A0nhyv5raUaBzGvV9DbptTM+in8nCI4YXKlcQA87MjOORdVUnW1HWzZe PiRFGBay5dgSJW9ebTwVJQxNd2QKWZrLRDOLDhJuucxIZf+Fsb8= =SAKx -----END PGP SIGNATURE-----