Alberto Garcia pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b5a5976e by Alberto Garcia at 2023-09-11T18:26:27+02:00
webkit2gtk / wpewebkit upstream advisory WSA-2023-0008
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -212,7 +212,10 @@ CVE-2023-41053 (Redis is an in-memory database that
persists on disk. Redis does
NOTE: Fixed by:
https://github.com/redis/redis/commit/0f14d3279212e1b262869b6160db87d6f117cff5
(7.0.13)
NOTE:
https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc
CVE-2023-40397 (The issue was addressed with improved checks. This issue is
fixed in m ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.40.5-1
+ - wpewebkit 2.40.5-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0008.html
CVE-2023-40392 (A privacy issue was addressed with improved private data
redaction for ...)
NOT-FOR-US: Apple
CVE-2023-39967 (WireMock is a tool for mocking HTTP services. When certain
request URL ...)
@@ -431,7 +434,10 @@ CVE-2023-32425 (The issue was addressed with improved
memory handling. This issu
CVE-2023-32379 (A buffer overflow issue was addressed with improved memory
handling. T ...)
NOT-FOR-US: Apple
CVE-2023-32370 (A logic issue was addressed with improved validation. This
issue is fi ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.40.1-1
+ - wpewebkit 2.40.2-2
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0008.html
CVE-2023-32362 (Error handling was changed to not reveal sensitive
information. This i ...)
NOT-FOR-US: Apple
CVE-2023-32356 (A buffer overflow issue was addressed with improved memory
handling. T ...)
@@ -25311,7 +25317,10 @@ CVE-2023-28200 (A validation issue was addressed with
improved input sanitizatio
CVE-2023-28199 (An out-of-bounds read issue existed that led to the disclosure
of kern ...)
NOT-FOR-US: Apple
CVE-2023-28198 (A use-after-free issue was addressed with improved memory
management. ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.40.1-1
+ - wpewebkit 2.40.2-2
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0008.html
CVE-2023-28197
RESERVED
CVE-2023-28196
=====================================
data/DSA/list
=====================================
@@ -98,7 +98,7 @@
[bullseye] - thunderbird 1:102.14.0-1~deb11u1
[bookworm] - thunderbird 1:102.14.0-1~deb12u1
[05 Aug 2023] DSA-5468-1 webkit2gtk - security update
- {CVE-2023-38133 CVE-2023-38572 CVE-2023-38592 CVE-2023-38594
CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600 CVE-2023-38611}
+ {CVE-2023-38133 CVE-2023-38572 CVE-2023-38592 CVE-2023-38594
CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600 CVE-2023-38611
CVE-2023-40397}
[bullseye] - webkit2gtk 2.40.5-1~deb11u1
[bookworm] - webkit2gtk 2.40.5-1~deb12u1
[04 Aug 2023] DSA-5467-1 chromium - security update
@@ -345,7 +345,7 @@
{CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954
CVE-2023-28205}
[bullseye] - wpewebkit 2.38.6-1~deb11u1
[03 May 2023] DSA-5396-1 webkit2gtk - security update
- {CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954
CVE-2023-28205 CVE-2023-32393 CVE-2023-32435}
+ {CVE-2022-0108 CVE-2022-32885 CVE-2023-27932 CVE-2023-27954
CVE-2023-28205 CVE-2023-32393 CVE-2023-32435 CVE-2023-28198 CVE-2023-32370}
[bullseye] - webkit2gtk 2.40.1-1~deb11u1
[02 May 2023] DSA-5395-1 nodejs - security update
{CVE-2023-23920}
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5a5976e3de0d1e7126d124b2150f8752f62a54a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5a5976e3de0d1e7126d124b2150f8752f62a54a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
