Alberto Garcia pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6453ae36 by Alberto Garcia at 2025-12-17T17:05:33+01:00
webkit2gtk / wpewebkit upstream advisory WSA-2025-0010
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1734,14 +1734,49 @@ CVE-2025-46276 (An information disclosure issue was
addressed with improved priv
NOT-FOR-US: Apple
CVE-2025-43542 (This issue was addressed with improved state management. This
issue is ...)
NOT-FOR-US: Apple
+CVE-2025-43541 [Malicious web content may lead to an unexpected process crash]
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43539 (The issue was addressed with improved bounds checks. This
issue is fix ...)
NOT-FOR-US: Apple
CVE-2025-43538 (A logging issue was addressed with improved data redaction.
This issue ...)
NOT-FOR-US: Apple
+CVE-2025-43536 [Malicious web content may lead to an unexpected process crash]
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
+CVE-2025-43535 [Malicious web content may lead to an unexpected process crash]
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43532 (A memory corruption issue was addressed with improved bounds
checking. ...)
NOT-FOR-US: Apple
+CVE-2025-43531 [Malicious web content may lead to an unexpected process crash]
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43530 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
+CVE-2025-43529 [Malicious web content may lead to arbitrary code execution]
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43527 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-43523 (A permissions issue was addressed with additional
restrictions. This i ...)
@@ -1772,6 +1807,13 @@ CVE-2025-43509 (This issue was addressed with improved
data protection. This iss
NOT-FOR-US: Apple
CVE-2025-43506 (A logic error was addressed with improved error handling. This
issue i ...)
NOT-FOR-US: Apple
+CVE-2025-43501 [Malicious web content may lead to an unexpected process crash]
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43497 (An access issue was addressed with additional sandbox
restrictions. Th ...)
NOT-FOR-US: Apple
CVE-2025-43494 (A mail header parsing issue was addressed with improved
checks. This i ...)
@@ -2003,6 +2045,12 @@ CVE-2025-14442 (The Secure Copy Content Protection and
Content Locking plugin fo
NOT-FOR-US: WordPress plugin
CVE-2025-14174 (Out of bounds memory access in ANGLE in Google Chrome on Mac
prior to ...)
- chromium <not-affected> (Only affects Chromium on MacOS)
+ - webkit2gtk 2.50.4-1
+ - wpewebkit 2.50.4-1
+ [trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
+ [bullseye] - wpewebkit <end-of-life> (see #1035997)
+ NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-14159 (The Secure Copy Content Protection and Content Locking plugin
for Word ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14074 (The PDF for Contact Form 7 + Drag and Drop Template Builder
plugin for ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -84,6 +84,8 @@ tomcat10/oldstable (apo)
--
tomcat11/stable (apo)
--
+webkit2gtk (berto)
+--
wordpress/stable
--
zabbix/oldstable
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6453ae36bbfbf5fefbe1f6681bba1671fb7a0ebc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6453ae36bbfbf5fefbe1f6681bba1671fb7a0ebc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
