Hi All, CVE-2023-32435 has been fixed in webkitgtk 2.40.0. According to https://bugs.webkit.org/show_bug.cgi?id=251890, the commit is at https://github.com/WebKit/WebKit/commit/50c7aaec2f53ab3b960f1b299aad5009df6f1967 . It patches 3 files, but 2 of them are created/added in 2.40.0 and do NOT exist in 2.38.6: * Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp * Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h
My question is 1. Does webkitgtk 2.38.6 is vulnerable to CVE-2023-32435? 2. If YES, how to deal the patches with the 2 new files? If just ignore and only patch file Source/JavaScriptCore/wasm/WasmSectionParser.cpp, could CVE-2023-32435 be fixed for 2.38.6, please? Regards, Kai
_______________________________________________ webkit-gtk mailing list webkit-gtk@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-gtk
