Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da193412 by Alberto Garcia at 2023-11-15T22:46:16+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2023-0010

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3482,7 +3482,12 @@ CVE-2023-42856 (The issue was addressed with improved 
memory handling. This issu
 CVE-2023-42854 (This issue was addressed by removing the vulnerable code. This 
issue i ...)
        NOT-FOR-US: Apple
 CVE-2023-42852 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.42.2-1
+       [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+       - wpewebkit 2.42.2-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
 CVE-2023-42850 (The issue was addressed with improved permissions logic. This 
issue is ...)
        NOT-FOR-US: Apple
 CVE-2023-42849 (The issue was addressed with improved memory handling. This 
issue is f ...)
@@ -3522,7 +3527,11 @@ CVE-2023-41989 (The issue was addressed by restricting 
options offered on a lock
 CVE-2023-41988 (This issue was addressed by restricting options offered on a 
locked de ...)
        NOT-FOR-US: Apple
 CVE-2023-41983 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.42.2-1
+       [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+       - wpewebkit 2.42.2-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
 CVE-2023-41982 (This issue was addressed by restricting options offered on a 
locked de ...)
        NOT-FOR-US: Apple
 CVE-2023-41977 (The issue was addressed with improved handling of caches. This 
issue i ...)
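Review bot: The CVE-2023-41983 entry has no [bullseye] annotation for wpewebkit, although the CVE-2023-42852 entry in the previous hunk and the CVE-2023-32359 entry in the next hunk both carry `[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be sensibly backported)`. If the omission is deliberate, a suite annotation or NOTE saying why would keep the three entries consistent; otherwise add the same line after the [bookworm] one.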
@@ -3594,6 +3603,7 @@ CVE-2023-32359 (This issue was addressed with improved 
redaction of sensitive in
        - wpewebkit 2.42.0-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
        [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.42 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
 CVE-2023-46660 (Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time 
compari ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2023-46659 (Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape 
the Trac ...)
@@ -60696,6 +60706,7 @@ CVE-2022-46725 (A spoofing issue existed in the 
handling of URLs. This issue was
        {DSA-5341-1 DSA-5340-1}
        - webkit2gtk 2.38.4-1
        - wpewebkit 2.38.4-1
+       NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
 CVE-2022-46724 (This issue was addressed by restricting options offered on a 
locked de ...)
        NOT-FOR-US: Apple
 CVE-2022-46723 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
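Review bot: The NOTE added to CVE-2022-46725 points at a 2023 advisory, while the entry is already closed at 2.38.4-1 for both packages under DSA-5341-1 and DSA-5340-1. Worth confirming that WSA-2023-0010 names a fixed version no later than 2.38.4; if it names a later one, the `- webkit2gtk 2.38.4-1` and `- wpewebkit 2.38.4-1` lines need to change together with the NOTE. The same check applies to the other NOTE-only hunks in this file.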
@@ -60738,6 +60749,7 @@ CVE-2022-46705 (A spoofing issue existed in the 
handling of URLs. This issue was
        {DSA-5341-1 DSA-5340-1}
        - webkit2gtk 2.38.4-1
        - wpewebkit 2.38.4-1
+       NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
 CVE-2022-46704 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2022-46703 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
@@ -101894,6 +101906,7 @@ CVE-2022-32933 [A website may be able to track the 
websites a user visited in Sa
        {DSA-5241-1 DSA-5240-1}
        - webkit2gtk 2.38.0-1
        - wpewebkit 2.38.0-1
+       NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
 CVE-2022-32932 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2022-32931
@@ -101927,6 +101940,7 @@ CVE-2022-32919 [Visiting a website that frames 
malicious content may lead to UI
        {DSA-5341-1 DSA-5340-1}
        - webkit2gtk 2.38.4-1
        - wpewebkit 2.38.4-1
+       NOTE: https://webkitgtk.org/security/WSA-2023-0010.html
 CVE-2022-32918 (This issue was addressed with improved data protection. This 
issue is  ...)
        NOT-FOR-US: Apple
 CVE-2022-32917 (The issue was addressed with improved bounds checks. This 
issue is fix ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -94,6 +94,8 @@ tiff (aron)
 --
 tor
 --
+webkit2gtk (berto)
+--
 xen (jmm)
 --
 zbar
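Review bot: The commit message names only the advisory and does not say that this hunk queues webkit2gtk in dsa-needed.txt with (berto) as claimant; a second line in the message would make that easy to find in the log. The entry itself sits in order between tor and xen, and leaving wpewebkit out is consistent with its <ignored> annotations in data/CVE/list.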



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da1934120544a2c5aa22d2ecd9a5efa5ba31ded2
