-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3183-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 09, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : webkit2gtk Version : 2.38.2-1~deb10u1 CVE ID : CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-42799 Jihwan Kim and Dohyun Lee discovered that visiting a malicious website may lead to user interface spoofing. CVE-2022-42823 Dohyun Lee discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-42824 Abdulrahman Alqabandi, Ryan Shin and Dohyun Lee discovered that processing maliciously crafted web content may disclose sensitive user information. For Debian 10 buster, these problems have been fixed in version 2.38.2-1~deb10u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmNrYnIACgkQnUbEiOQ2 gwLj3A/9E66Zfw9IOyJLtEJpaSoRXxQDEOybRt8B/7Aj73jP3WvsWrvwE/wY8487 R03nBubqfaQM8ALQC3mnFOF4/iNyppcOPkvTQ7ZbNbkNQOTIvs6S6t3eKlL3V9Xu p5K+U5u5/7J/z/YBmozGvoSTg/l8E5N8V4XVEHjylYYQE716vH5ow8RyTKJcsBf8 YXbrHIYK3cGUSjWjn8gTN8/29DIutkesTWVzRFtViBHIuLjw2XqswQQqDKR+9bCU zn1FNbZ/VoJ1nE0/VLHw+1/w25aaQY3eCEr90+APDOsJIsOljlwOAE3RqpCACym6 hAtnTB9M6SafrxVvwhGg2v2RRCyh+DLp9l1KojSUWRJpglq0ZimV+p2v2W5JpNnV phZVKDinq1OhFZe5UWy3fk43vCiZhWuzZ6LVZTHqoRvcS17lRDAJxY9qJKeH2L00 jZjHqxyue7/ov6T+9P2PeHYxZf2ea+PAex5iwAr6adlP5ZITSG+EHn4JUUjKtvEu V0CL2qdDP3TXMOBaZuNrm+5rLxAmTXh8FkFkPxlyLR8WKeu9j0X73d6ODVcjZhhB BOEchVExA7F8wB4K6U74RRbDzvirhvZV0xqmKzs3apnGGez5YTsGRXG2GRGVfaFU JzE72tdLL3oz+ZgpxICNR2/vf3t7hVSzpf3TK0AkNeS7nx3ltgs= =HXnx -----END PGP SIGNATURE-----