Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
69c51299 by Moritz Muehlenhoff at 2021-12-21T13:11:57+01:00
new webkit issues
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -39511,19 +39511,34 @@ CVE-2021-30892 (An inherited permissions issue was
addressed with additional res
CVE-2021-30891
REJECTED
CVE-2021-30890 (A logic issue was addressed with improved state management.
This issue ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.34.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ - wpewebkit 2.34.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30889 (A buffer overflow issue was addressed with improved memory
handling. T ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30888 (An information leakage issue was addressed. This issue is
fixed in iOS ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30887 (A logic issue was addressed with improved restrictions. This
issue is ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.34.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ - wpewebkit 2.34.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30886 (A use after free issue was addressed with improved memory
management. ...)
NOT-FOR-US: Apple
CVE-2021-30885
REJECTED
CVE-2021-30884 (The issue was resolved with additional restrictions on CSS
compositing ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30883 (A memory corruption issue was addressed with improved memory
handling. ...)
NOT-FOR-US: Apple
CVE-2021-30882 (A logic issue was addressed with improved validation. This
issue is fi ...)
@@ -39641,7 +39656,10 @@ CVE-2021-30838 (A memory corruption issue was
addressed with improved memory han
CVE-2021-30837 (A memory consumption issue was addressed with improved memory
handling ...)
NOT-FOR-US: Apple
CVE-2021-30836 (An out-of-bounds read was addressed with improved input
validation. Th ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30835 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2021-30834 (A logic issue was addressed with improved state management.
This issue ...)
@@ -39667,7 +39685,10 @@ CVE-2021-30825 (This issue was addressed with improved
checks. This issue is fix
CVE-2021-30824 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
CVE-2021-30823 (A logic issue was addressed with improved restrictions. This
issue is ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30822
RESERVED
CVE-2021-30821 (A memory corruption issue was addressed with improved memory
handling. ...)
@@ -39677,7 +39698,10 @@ CVE-2021-30820 (A logic issue was addressed with
improved state management. This
CVE-2021-30819 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
CVE-2021-30818 (A type confusion issue was addressed with improved state
handling. Thi ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30817 (A permissions issue was addressed with improved validation.
This issue ...)
NOT-FOR-US: Apple
CVE-2021-30816 (The issue was addressed with improved permissions logic. This
issue is ...)
@@ -39695,7 +39719,10 @@ CVE-2021-30811 (This issue was addressed with improved
checks. This issue is fix
CVE-2021-30810 (An authorization issue was addressed with improved state
management. T ...)
NOT-FOR-US: Apple
CVE-2021-30809 (A use after free issue was addressed with improved memory
management. ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in
stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
CVE-2021-30808 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
CVE-2021-30807 (A memory corruption issue was addressed with improved memory
handling. ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -65,6 +65,10 @@ trafficserver (jmm)
--
varnish
--
+webkit2gtk
+--
+wpewebkit/stable
+--
xorg-server (carnil)
Maintainer preparing updates
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69c51299dea51ac6a165ae6fa21f658bcc89481c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69c51299dea51ac6a165ae6fa21f658bcc89481c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
