Summary: | <net-libs/webkit-gtk-2.10.7: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gnome |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/02/01/6 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 566378 | ||
Bug Blocks: |
Description
Agostino Sarubbo
Was fixed upstream in v2.10.5. First fixed version containing was v2.10.7 (via https://gitweb.gentoo.org/repo/gentoo.git/commit/net-libs/webkit-gtk?id=a62079ddda10039b692df7a77fb4ec572027b2e5). Current stable version in tree is =net-libs/webkit-gtk-2.12.5. Added to existing GLSA.

@ Maintainer(s): I am unable to determine if v2.4.11 is affected. Can you help? Maybe you know the commits so we can check?

webkit-gtk-2.4 is very likely to be affected by various security bugs that have happened and fixed in 2.10 or 2.12. We need to get webkit-gtk-2.4 out of the tree, but various consumers have still not ported to webkit2gtk (multiprocessing new API). The hope is that these remaining applications only display controlled static HTML, not support browsing the web, but I have not checked.

@ Maintainer(s): Thank you for your response. Could you please create a webkit-gtk-2.4 removal tracking bug and file blocking bugs against remaining consumers? That way we could track progress...

It was being covered in bug 570034.

This issue was resolved and addressed in GLSA 201612-41 at https://security.gentoo.org/glsa/201612-41 by GLSA coordinator Aaron Bauman (b-man).

Should not have been addressed via GLSA or closed. Errata published. Reopening.

This issue was resolved and addressed in GLSA 201706-15 at https://security.gentoo.org/glsa/201706-15 by GLSA coordinator Thomas Deutschmann (whissi).