Summary: | <net-libs/webkit-gtk-2.18.3: Remote AcE and/or DoS vectors (CVE-2017-{13783,13784,13785,13788,13791,13792,13793,13794,13795,13796,13798,13802,13803}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hank Leininger <hlein> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gnome |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://webkitgtk.org/security/WSA-2017-0009.html | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | net-libs/webkit-gtk-2.18.3 |
Runtime testing required: | --- |
Description
Hank Leininger
2017-11-10 17:36:25 UTC
(In reply to Hank Leininger from comment #0)
> From ${URL}:
>
> Several vulnerabilities were discovered in WebKitGTK+.
>
> ##
>
> 13 different CVEs all with:
> "Impact: Processing maliciously crafted web content may lead to arbitrary
> code execution.
> Description: Multiple memory corruption issues were addressed with improved
> memory handling."
>
> Ten are fixed in 2.18.1 (2.18.2 is current in portage as I write this);
> three fixed in 2.18.3 (just released).

Thank you for reporting the issue.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3dd23d4bc9222af04ce0e307a1eebe0dbc744bca

commit 3dd23d4bc9222af04ce0e307a1eebe0dbc744bca
Author: Ian Stakenvicius <axs@gentoo.org>
AuthorDate: 2017-11-21 17:31:21 +0000
Commit: Ian Stakenvicius <axs@gentoo.org>
CommitDate: 2017-11-21 17:31:45 +0000

    net-libs/webkit-gtk: bump to 2.18.3 for security

    Bug: https://bugs.gentoo.org/637076
    Acked-by: Mart Raudsepp <leio@gentoo.org>
    Package-Manager: Portage-2.3.13, Repoman-2.3.3

 net-libs/webkit-gtk/Manifest | 1 +
 net-libs/webkit-gtk/webkit-gtk-2.18.3.ebuild | 284 +++++++++++++++++++++++++++
 2 files changed, 285 insertions(+)

amd64 stable

x86 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62eeb40713550035e44586334620fb337a94ae44

commit 62eeb40713550035e44586334620fb337a94ae44
Author: Manuel Rüger <mrueg@gentoo.org>
AuthorDate: 2017-11-28 17:33:37 +0000
Commit: Manuel Rüger <mrueg@gentoo.org>
CommitDate: 2017-11-28 17:33:37 +0000

    net-libs/webkit-gtk: Remove vulnerable 2.18.2 as requested by leio

    Bug: https://bugs.gentoo.org/637076
    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 net-libs/webkit-gtk/Manifest | 1 -
 net-libs/webkit-gtk/webkit-gtk-2.18.2.ebuild | 284 ---------------------------
 2 files changed, 285 deletions(-)

New GLSA request filed.

Gentoo Security Padawan (jmbailey/mbailey_j)

This issue was resolved and addressed in GLSA 201712-01 at https://security.gentoo.org/glsa/201712-01 by GLSA coordinator Thomas Deutschmann (whissi).