Hi Alberto, On Wed, Sep 04, 2019 at 09:44:51AM +0200, Alberto Garcia wrote: > I was having a look at the list of CVEs for webkit2gtk: > > https://security-tracker.debian.org/tracker/source-package/webkit2gtk > > Two of them (CVE-2019-8375 and CVE-2017-17821) are listed as still > open in buster / bullseye / sid, however > > 1) CVE-2019-8375 was fixed in webkit2gtk 2.23.90: > > > https://github.com/Igalia/webkit/commit/15091e3aa288df50ade0d78b5f444ec0d1814573 > > 2) CVE-2017-17821 was fixed in webkit2gtk 2.21.3: > > > https://github.com/Igalia/webkit/commit/2a17b15297eb886b0bfb7d098ef607cfad6c3da0
Thanks. Could you as well triage the recent CVEs which are fixed in DSA-4515-1 for unstable? Which is the first unstable version having the fix? Regards, Salvatore
