Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7cea4b47 by Emilio Pozuelo Monfort at 2022-08-18T09:46:31+02:00
Reserve DLA-3074-1 for epiphany-browser
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -50324,14 +50324,12 @@ CVE-2021-45089 (Stormshield Endpoint Security 2.x
before 2.1.2 has Incorrect Acc
CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x
before ...)
{DSA-5042-1}
- epiphany-browser 41.2-1
- [buster] - epiphany-browser <no-dsa> (Minor issue)
[stretch] - epiphany-browser <ignored> (WebKit browser, not covered by
security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x
before ...)
{DSA-5042-1}
- epiphany-browser 41.2-1
- [buster] - epiphany-browser <no-dsa> (Minor issue)
[stretch] - epiphany-browser <ignored> (WebKit browser, not covered by
security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
@@ -50345,7 +50343,6 @@ CVE-2021-45086 (XSS can occur in GNOME Web (aka
Epiphany) before 40.4 and 41.x b
CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x
before ...)
{DSA-5042-1}
- epiphany-browser 41.2-1
- [buster] - epiphany-browser <no-dsa> (Minor issue)
[stretch] - epiphany-browser <ignored> (WebKit browser, not covered by
security support in stretch)
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[18 Aug 2022] DLA-3074-1 epiphany-browser - security update
+ {CVE-2021-45085 CVE-2021-45087 CVE-2021-45088 CVE-2022-29536}
+ [buster] - epiphany-browser 3.32.1.2-3~deb10u2
[17 Aug 2022] DLA-3073-1 webkit2gtk - security update
{CVE-2022-32792 CVE-2022-32816}
[buster] - webkit2gtk 2.36.6-1~deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -29,9 +29,6 @@ asterisk (Markus Koschany)
curl (Markus Koschany)
NOTE: 20220802: Programming language: C.
--
-epiphany-browser (Emilio)
- NOTE: 20220811: Programming language: C.
---
freecad (Emilio)
NOTE: 20220815: Programming language: Python.
NOTE: 20220815: Not all of the vulnerable os.system calls exist in the
buster version. (lamby)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cea4b479af84a5fc41316a6273525a1714358d3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cea4b479af84a5fc41316a6273525a1714358d3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
