Alberto Garcia pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fb642c1f by Alberto Garcia at 2020-04-27T19:21:39+02:00
webkit2gtk upstream advisory WSA-2020-0005
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -21490,13 +21490,33 @@ CVE-2020-3904 (Multiple memory corruption issues were
addressed with improved st
CVE-2020-3903 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
CVE-2020-3902 (An input validation issue was addressed with improved input
validation ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3901 (A type confusion issue was addressed with improved memory
handling. Th ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3900 (A memory corruption issue was addressed with improved memory
handling. ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3899 (A memory consumption issue was addressed with improved memory
handling ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.2-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.2-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in
ppd-mark.c]
RESERVED
- cups 2.3.1-12
@@ -21507,13 +21527,28 @@ CVE-2020-3898 [heap based buffer overflow in
libcups's ppdFindOption() in ppd-ma
NOTE:
https://src.fedoraproject.org/rpms/cups/blob/c1920d09b842bd2d0611559d00d595abd8aa2424/f/cups-ppdopen-heap-overflow.patch
TODO: add commit once pushed to the https://github.com/apple/cups repo
CVE-2020-3897 (A type confusion issue was addressed with improved memory
handling. Th ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3896
RESERVED
CVE-2020-3895 (A memory corruption issue was addressed with improved memory
handling. ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3894 (A race condition was addressed with additional validation. This
issue ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3893 (A memory corruption issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
CVE-2020-3892 (A memory corruption issue was addressed with improved input
validation ...)
@@ -21531,7 +21566,12 @@ CVE-2020-3887 (A logic issue was addressed with
improved restrictions. This issu
CVE-2020-3886
RESERVED
CVE-2020-3885 (A logic issue was addressed with improved restrictions. This
issue is ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
CVE-2020-3884 (An injection issue was addressed with improved validation. This
issue ...)
NOT-FOR-US: Apple
CVE-2020-3883 (This issue was addressed with improved checks. This issue is
fixed in ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -50,5 +50,7 @@ tomcat9/stable
--
trafficserver (jmm)
--
+webkit2gtk
+--
xcftools (hle)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb642c1f9ba66be4d79aef8d2edfd79ed294797d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb642c1f9ba66be4d79aef8d2edfd79ed294797d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
