Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eabff502 by Alberto Garcia at 2025-02-09T17:28:01+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2025-0001

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2534,7 +2534,11 @@ CVE-2025-24166
 CVE-2025-24163 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
        NOT-FOR-US: Apple
 CVE-2025-24162 (This issue was addressed through improved state management. 
This issue ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.46.6-1
+       - wpewebkit 2.46.6-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
 CVE-2025-24161 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
        NOT-FOR-US: Apple
 CVE-2025-24160 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
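Review bot: The new CVE-2025-24162 block records only `- webkit2gtk 2.46.6-1` with no release-specific line for webkit2gtk, and none of the data/DSA/list hunks in this commit reference this CVE, so the status of webkit2gtk in the stable releases is left to a later entry. If a DSA for 2.46.6 is pending that is fine; otherwise add the cross-reference once it is issued. The CVE-2025-24158, CVE-2025-24150 and CVE-2025-24143 blocks follow the same pattern.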
@@ -2542,7 +2546,11 @@ CVE-2025-24160 (The issue was addressed with improved 
checks. This issue is fixe
 CVE-2025-24159 (A validation issue was addressed with improved logic. This 
issue is fi ...)
        NOT-FOR-US: Apple
 CVE-2025-24158 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.46.6-1
+       - wpewebkit 2.46.6-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
 CVE-2025-24156 (An integer overflow was addressed through improved input 
validation. T ...)
        NOT-FOR-US: Apple
 CVE-2025-24154 (An out-of-bounds write was addressed with improved input 
validation. T ...)
@@ -2554,7 +2562,11 @@ CVE-2025-24152 (The issue was addressed with improved 
memory handling. This issu
 CVE-2025-24151 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2025-24150 (A privacy issue was addressed with improved handling of files. 
This is ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.46.6-1
+       - wpewebkit 2.46.6-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
 CVE-2025-24149 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
        NOT-FOR-US: Apple
 CVE-2025-24146 (This issue was addressed with improved redaction of sensitive 
informat ...)
@@ -2562,7 +2574,11 @@ CVE-2025-24146 (This issue was addressed with improved 
redaction of sensitive in
 CVE-2025-24145 (A privacy issue was addressed with improved private data 
redaction for ...)
        NOT-FOR-US: Apple
 CVE-2025-24143 (The issue was addressed with improved access restrictions to 
the file  ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.46.6-1
+       - wpewebkit 2.46.6-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
 CVE-2025-24141 (An authentication issue was addressed with improved state 
management.  ...)
        NOT-FOR-US: Apple
 CVE-2025-24140 (This issue was addressed through improved state management. 
This issue ...)
@@ -2689,7 +2705,11 @@ CVE-2024-54549 (This issue was addressed with improved 
redaction of sensitive in
 CVE-2024-54547 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
        NOT-FOR-US: Apple
 CVE-2024-54543 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.46.5-1
+       - wpewebkit 2.46.5-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
 CVE-2024-54542 (An authentication issue was addressed with improved state 
management.  ...)
        NOT-FOR-US: Apple
 CVE-2024-54541 (This issue was addressed through improved state management. 
This issue ...)
@@ -5890,6 +5910,12 @@ CVE-2024-55511 (A null pointer dereference vulnerability 
in Macrium Reflect prio
        NOT-FOR-US: Macrium Reflect
 CVE-2024-54660 (A JNDI injection issue was discovered in Cloudera JDBC 
Connector for H ...)
        NOT-FOR-US: Cloudera JDBC Connector for Haadoop
+CVE-2024-54658 [Processing web content may lead to a denial-of-service]
+       - webkit2gtk 2.44.0-1
+       - wpewebkit 2.44.1-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
 CVE-2024-53553 (An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 
allows attack ...)
        NOT-FOR-US: OPEXUS
 CVE-2024-52363 (IBM InfoSphere Information Server 11.7 could allow a remote 
attacker t ...)
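Review bot: In the new CVE-2024-54658 entry the fixed versions differ between the two source packages (`- webkit2gtk 2.44.0-1` but `- wpewebkit 2.44.1-1`), whereas every other block in this commit uses the same upstream version for both. Please confirm this is intentional (for example because 2.44.1-1 was the first wpewebkit upload of that series) rather than a typo. Separately, the unchanged context line above still reads "Haadoop", which is worth a follow-up fix.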
@@ -6676,7 +6702,11 @@ CVE-2024-36476 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2024-35280 (A improper neutralization of input during web page generation 
('cross- ...)
        NOT-FOR-US: FortiGuard
 CVE-2024-27856 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.46.0-1
+       - wpewebkit 2.46.0-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0001.html
 CVE-2024-13351 (The Social proof testimonials and reviews by Repuso plugin for 
WordPre ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-13215 (The Elementor Addon Elements plugin for WordPress is 
vulnerable to Sen ...)
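Review bot: On CVE-2024-27856, wpewebkit gets explicit `[bookworm]` and `[bullseye]` lines, but webkit2gtk has only `- webkit2gtk 2.46.0-1`, and the DSA-5792-1 entry this commit extends shows only a `[bookworm]` version in the visible lines. That leaves the bullseye status of webkit2gtk for this CVE unstated here; please check whether a matching entry exists elsewhere or still needs to be added.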


=====================================
data/DSA/list
=====================================
@@ -79,7 +79,7 @@
        {CVE-2023-28746 CVE-2023-46841 CVE-2023-46842 CVE-2024-2193 
CVE-2024-2201 CVE-2024-31142 CVE-2024-31143 CVE-2024-31145 CVE-2024-31146 
CVE-2024-45817 CVE-2024-45818 CVE-2024-45819}
        [bookworm] - xen 4.17.5+23-ga4e5191dc0-1
 [25 Dec 2024] DSA-5835-1 webkit2gtk - security update
-       {CVE-2024-54479 CVE-2024-54502 CVE-2024-54505 CVE-2024-54508}
+       {CVE-2024-54479 CVE-2024-54502 CVE-2024-54505 CVE-2024-54508 
CVE-2024-54543}
        [bookworm] - webkit2gtk 2.46.5-1~deb12u1
 [20 Dec 2024] DSA-5834-1 chromium - security update
        {CVE-2024-12692 CVE-2024-12693 CVE-2024-12694 CVE-2024-12695}
@@ -212,7 +212,7 @@
        {CVE-2024-9954 CVE-2024-9955 CVE-2024-9956 CVE-2024-9957 CVE-2024-9958 
CVE-2024-9959 CVE-2024-9960 CVE-2024-9961 CVE-2024-9962 CVE-2024-9963 
CVE-2024-9964 CVE-2024-9965 CVE-2024-9966}
        [bookworm] - chromium 130.0.6723.58-1~deb12u1
 [14 Oct 2024] DSA-5792-1 webkit2gtk - security update
-       {CVE-2024-40866 CVE-2024-44185 CVE-2024-44187 CVE-2024-54534}
+       {CVE-2024-40866 CVE-2024-44185 CVE-2024-44187 CVE-2024-54534 
CVE-2024-27856}
        [bookworm] - webkit2gtk 2.46.0-2~deb12u1
 [13 Oct 2024] DSA-5791-1 python-reportlab - security update
        {CVE-2023-33733}
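Review bot: Style nit on the DSA-5792-1 line: CVE-2024-27856 is appended after CVE-2024-54534, while the identifiers already on that line are in ascending order. Placing it first (`{CVE-2024-27856 CVE-2024-40866 ...}`) would keep the list sorted and make later diffs of this entry easier to read.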
@@ -580,7 +580,7 @@
        [bullseye] - wordpress 5.7.11+dfsg1-0+deb11u1
        [bookworm] - wordpress 6.1.6+dfsg1-0+deb12u1
 [09 May 2024] DSA-5684-1 webkit2gtk - security update
-       {CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23254 
CVE-2024-23263 CVE-2024-23280 CVE-2024-23284}
+       {CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23254 
CVE-2024-23263 CVE-2024-23280 CVE-2024-23284 CVE-2024-54658}
        [bullseye] - webkit2gtk 2.44.1-1~deb11u1
        [bookworm] - webkit2gtk 2.44.1-1~deb12u1
 [08 May 2024] DSA-5683-1 chromium - security update



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eabff502183d9f7c5c8ba13b192dcac17e971b55
