Alberto Garcia pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3a738913 by Alberto Garcia at 2020-07-10T15:56:46+02:00
webkit2gtk upstream advisory WSA-2020-0006
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4699,6 +4699,11 @@ CVE-2020-13755
RESERVED
CVE-2020-13753
RESERVED
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-13752
RESERVED
CVE-2020-13751
@@ -15736,7 +15741,12 @@ CVE-2020-9852 (An integer overflow was addressed
through improved input validati
CVE-2020-9851 (An access issue was addressed with improved access
restrictions. This ...)
NOT-FOR-US: Apple
CVE-2020-9850 (A logic issue was addressed with improved restrictions. This
issue is ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9849
RESERVED
CVE-2020-9848 (An authorization issue was addressed with improved state
management. T ...)
@@ -15750,7 +15760,12 @@ CVE-2020-9845
CVE-2020-9844 (A double free issue was addressed with improved memory
management. Thi ...)
NOT-FOR-US: Apple
CVE-2020-9843 (An input validation issue was addressed with improved input
validation ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9842 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2020-9841 (An integer overflow was addressed through improved input
validation. T ...)
@@ -15822,17 +15837,42 @@ CVE-2020-9809 (An information disclosure issue was
addressed with improved state
CVE-2020-9808 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
CVE-2020-9807 (A memory corruption issue was addressed with improved state
management ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9806 (A memory corruption issue was addressed with improved state
management ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9805 (A logic issue was addressed with improved restrictions. This
issue is ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9804 (A logic issue was addressed with improved restrictions. This
issue is ...)
NOT-FOR-US: Apple
CVE-2020-9803 (A memory corruption issue was addressed with improved
validation. This ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9802 (A logic issue was addressed with improved restrictions. This
issue is ...)
- NOT-FOR-US: Apple
+ RESERVED
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-9801 (A logic issue was addressed with improved restrictions. This
issue is ...)
NOT-FOR-US: Apple
CVE-2020-9800 (A type confusion issue was addressed with improved memory
handling. Th ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -33,6 +33,8 @@ squid (jmm)
--
teeworlds (jmm)
--
+webkit2gtk
+--
xcftools
Hugo proposed to work on this update
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a7389134ed795cc90aa9fc2b2d6c46835b60b83
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a7389134ed795cc90aa9fc2b2d6c46835b60b83
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
