On Wed, Sep 6 2023 at 04:23:17 PM +0800, 不会弹吉他的KK
<[email protected]> wrote:
My question is
1. Does webkitgtk 2.38.6 is vulnerable to CVE-2023-32435?
No clue, sorry.
2. If YES, how to deal the patches with the 2 new files? If just
ignore and only patch file
Source/JavaScriptCore/wasm/WasmSectionParser.cpp, could
CVE-2023-32435 be fixed for 2.38.6, please?
Patching just that one file is what I would do if tasked with
backporting this fix. That said, keep in mind that only 10-20% of our
security vulnerabilities receive CVEs, so just patching CVEs is not
sufficient to provide a secure version of WebKitGTK. The 2.38 branch is
no longer secure and you should try upgrading to 2.42. (I would skip
2.40 at this point, since that branch will end next week when 2.42.0 is
released.)
Michael
_______________________________________________
webkit-gtk mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-gtk
