
Bug 626142 (CVE-2017-7006, CVE-2017-7011, CVE-2017-7012, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7038, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7059, CVE-2017-7061, CVE-2017-7064)

Summary: <net-libs/webkit-gtk-2.16.6: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Christopher Díaz Riveros (RETIRED) <chrisadr>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: gnome
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: https://webkitgtk.org/security/WSA-2017-0006.html
Whiteboard: A2 [glsa cve]
Package list:
net-libs/webkit-gtk-2.16.6
Runtime testing required: ---

Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-25 12:59:12 UTC
From URL:

Several vulnerabilities were discovered in WebKitGTK+.

We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.
Comment 1 Mart Raudsepp gentoo-dev 2017-07-25 18:05:56 UTC
Arches, please proceed.

commit 12cc94e10688796949b18c8d1f0abf682dca8d1e
Author: Mart Raudsepp <leio@gentoo.org>
Date:   Tue Jul 25 21:02:18 2017 +0300

    net-libs/webkit-gtk: bump to 2.16.6 for security fixes
    
    Fixes CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037,
    CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7055,
    CVE-2017-7056, CVE-2017-7061 and CVE-2017-7064.
    
    Gentoo-bug: 626142
    Package-Manager: Portage-2.3.6, Repoman-2.3.2
Comment 2 Tobias Klausmann (RETIRED) gentoo-dev 2017-07-31 12:57:26 UTC
Stable on amd64.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-19 00:34:34 UTC
x86 stable
Comment 4 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-17 20:37:58 UTC
New GLSA Request filed.

@Maintainers please let us know when tree is clean.

Gentoo Security Padawan
ChrisADR
Comment 5 Larry the Git Cow gentoo-dev 2017-09-22 07:56:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7eb0f70f64ae75ab1c3d4e2c8eeed7e7fa713e88

commit 7eb0f70f64ae75ab1c3d4e2c8eeed7e7fa713e88
Author:     Gilles Dartiguelongue <eva@gentoo.org>
AuthorDate: 2017-09-22 07:37:56 +0000
Commit:     Gilles Dartiguelongue <eva@gentoo.org>
CommitDate: 2017-09-22 07:56:17 +0000

    net-libs/webkit-gtk: cleanup security vulnerable 2.16.5, bug #626142
    
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=626142
    Package-Manager: Portage-2.3.8, Repoman-2.3.3

 net-libs/webkit-gtk/Manifest                 |   1 -
 net-libs/webkit-gtk/webkit-gtk-2.16.5.ebuild | 288 ---------------------------
 2 files changed, 289 deletions(-)
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2017-10-13 23:54:33 UTC
This issue was resolved and addressed in
 GLSA 201710-14 at https://security.gentoo.org/glsa/201710-14
by GLSA coordinator Aaron Bauman (b-man).