Alberto Garcia pushed to branch master at Debian Security Tracker / security-tracker


Commits:
15dd824f by Alberto Garcia at 2025-05-15T13:34:21+02:00
webkit2gtk / wpewebkit upstream advisory WSA-2025-0004

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -918,7 +918,11 @@ CVE-2025-31259 (The issue was addressed with improved 
input sanitization. This i
 CVE-2025-31258 (This issue was addressed by removing the vulnerable code. This 
issue i ...)
        NOT-FOR-US: Apple
 CVE-2025-31257 (This issue was addressed with improved memory handling. This 
issue is  ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.48.2-1
+       - wpewebkit 2.48.2-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0004.html
 CVE-2025-31256 (The issue was addressed with improved handling of caches. This 
issue i ...)
        NOT-FOR-US: Apple
 CVE-2025-31253 (This issue was addressed through improved state management. 
This issue ...)
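Review bot: the new block for CVE-2025-31257 gives suite tags only for wpewebkit; webkit2gtk has just the "- webkit2gtk 2.48.2-1" line, so its status in bookworm and bullseye is not stated in this entry. If that is deliberate because the stable update is tracked through the "webkit2gtk (berto)" entry added to data/dsa-needed.txt in this same commit, fine, but it is worth confirming, since the identical block is repeated for every other 2.48.2-1 entry below.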
@@ -984,7 +988,11 @@ CVE-2025-31218 (This issue was addressed by removing the 
vulnerable code. This i
 CVE-2025-31217 (The issue was addressed with improved input validation. This 
issue is  ...)
        NOT-FOR-US: Apple
 CVE-2025-31215 (The issue was addressed with improved checks. This issue is 
fixed in w ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.48.2-1
+       - wpewebkit 2.48.2-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0004.html
 CVE-2025-31214 (This issue was addressed through improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2025-31213 (A logging issue was addressed with improved data redaction. 
This issue ...)
@@ -1000,11 +1008,23 @@ CVE-2025-31208 (The issue was addressed with improved 
checks. This issue is fixe
 CVE-2025-31207 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
        NOT-FOR-US: Apple
 CVE-2025-31206 (A type confusion issue was addressed with improved state 
handling. Thi ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.48.2-1
+       - wpewebkit 2.48.2-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0004.html
 CVE-2025-31205 (The issue was addressed with improved checks. This issue is 
fixed in w ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.48.2-1
+       - wpewebkit 2.48.2-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0004.html
 CVE-2025-31204 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.48.2-1
+       - wpewebkit 2.48.2-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0004.html
 CVE-2025-31196 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
        NOT-FOR-US: Apple
 CVE-2025-31195 (The issue was addressed by adding additional logic. This issue 
is fixe ...)
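Review bot: in this hunk CVE-2025-31206, CVE-2025-31205 and CVE-2025-31204 are reassigned to webkit2gtk / wpewebkit while their neighbours CVE-2025-31207 and CVE-2025-31196 keep "NOT-FOR-US: Apple". The truncated descriptions cannot justify the split (CVE-2025-31205 and CVE-2025-31207 both read "addressed with improved checks"), so each id should be checked against the WSA-2025-0004 page cited in the NOTE lines before merging.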
@@ -1038,7 +1058,11 @@ CVE-2025-24258 (A permissions issue was addressed with 
additional restrictions.
 CVE-2025-24225 (An injection issue was addressed with improved input 
validation. This  ...)
        NOT-FOR-US: Apple
 CVE-2025-24223 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.48.2-1
+       - wpewebkit 2.48.2-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0004.html
 CVE-2025-24222 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2025-24220 (A permissions issue was addressed with additional 
restrictions. This i ...)
@@ -10707,13 +10731,21 @@ CVE-2023-42977 (A path handling issue was addressed 
with improved validation. Th
 CVE-2023-42973 (Private Browsing tabs may be accessed without authentication. 
This iss ...)
        NOT-FOR-US: Apple
 CVE-2023-42970 (A use-after-free issue was addressed with improved memory 
management.  ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.42.0-1
+       - wpewebkit 2.42.0-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0004.html
 CVE-2023-42969 (An app may be able to break out of its sandbox. This issue is 
fixed in ...)
        NOT-FOR-US: Apple
 CVE-2023-42961 (A path handling issue was addressed with improved validation. 
This iss ...)
        NOT-FOR-US: Apple
 CVE-2023-42875 (Processing web content may lead to arbitrary code execution. 
This issu ...)
-       NOT-FOR-US: Apple
+       - webkit2gtk 2.42.0-1
+       - wpewebkit 2.42.0-1
+       [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
+       [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
+       NOTE: https://webkitgtk.org/security/WSA-2025-0004.html
 CVE-2023-41076 (An app may be able to elevate privileges. This issue is fixed 
in macOS ...)
        NOT-FOR-US: Apple
 CVE-2023-38614 (A permissions issue was addressed with additional 
restrictions. This i ...)
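Review bot: CVE-2023-42970 and CVE-2023-42875 are recorded as fixed in 2.42.0-1, yet their NOTE line cites WSA-2025-0004, the same advisory used for the 2.48.2-1 entries earlier in this file. If the advisory is reporting these two after the fact, a second NOTE line saying so would explain the gap between the fix version and the advisory; otherwise please double-check that 2.42.0-1 was not carried over by mistake when the block was copied.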


=====================================
data/DSA/list
=====================================
@@ -1338,7 +1338,7 @@
 [12 Oct 2023] DSA-5522-2 tomcat9 - regression update
        [bullseye] - tomcat9 9.0.43-2~deb11u8
 [12 Oct 2023] DSA-5527-1 webkit2gtk - security update
-       {CVE-2023-32359 CVE-2023-39928 CVE-2023-41074 CVE-2023-41993 
CVE-2023-42890 CVE-2023-40414 CVE-2014-1745}
+       {CVE-2023-42875 CVE-2023-42970 CVE-2023-32359 CVE-2023-39928 
CVE-2023-41074 CVE-2023-41993 CVE-2023-42890 CVE-2023-40414 CVE-2014-1745}
        [bullseye] - webkit2gtk 2.42.1-1~deb11u1
        [bookworm] - webkit2gtk 2.42.1-1~deb12u1
 [12 Oct 2023] DSA-5526-1 chromium - security update
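Review bot: this line amends DSA-5527-1, dated 12 Oct 2023, but the commit message names only WSA-2025-0004; mentioning that CVE-2023-42875 and CVE-2023-42970 are being added retroactively to that DSA would make the change easier to find in the history of data/DSA/list. The association itself looks consistent: both ids are the ones set to 2.42.0-1 in data/CVE/list, and the DSA versions 2.42.1-1~deb11u1 and 2.42.1-1~deb12u1 are later than that.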


=====================================
data/dsa-needed.txt
=====================================
@@ -69,6 +69,8 @@ tcpdf
 --
 thunderbird (jmm)
 --
+webkit2gtk (berto)
+--
 wordpress
 --
 xen
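Review bot: the new "webkit2gtk (berto)" entry says nothing about what is pending; a short line naming the 2.48.2 update from this commit would help others reading the file, if its conventions allow one. Placement between thunderbird and wordpress keeps the alphabetical order, and leaving wpewebkit out agrees with the "<ignored>" tags for bookworm and bullseye in data/CVE/list.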



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15dd824f8db73c70affe131693bb5b49b9bdfb9d
