Bug 662974 (CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284)

Summary:	<net-libs/webkit-gtk-2.20.4: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	gnome
Priority:	Normal	Flags:	stable-bot: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://webkitgtk.org/security/WSA-2018-0006.html
Whiteboard:	B2 [glsa+ cve cleanup]
Package list:	net-libs/webkit-gtk-2.20.4	Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2018-08-06 19:19:27 UTC

CVE-2018-4261 (https://nvd.nist.gov/vuln/detail/CVE-2018-4261):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4262 (https://nvd.nist.gov/vuln/detail/CVE-2018-4262):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4263 (https://nvd.nist.gov/vuln/detail/CVE-2018-4263):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4264 (https://nvd.nist.gov/vuln/detail/CVE-2018-4264):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4265 (https://nvd.nist.gov/vuln/detail/CVE-2018-4265):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4266 (https://nvd.nist.gov/vuln/detail/CVE-2018-4266):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4267 (https://nvd.nist.gov/vuln/detail/CVE-2018-4267):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4270 (https://nvd.nist.gov/vuln/detail/CVE-2018-4270):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4272 (https://nvd.nist.gov/vuln/detail/CVE-2018-4272):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4273 (https://nvd.nist.gov/vuln/detail/CVE-2018-4273):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4278 (https://nvd.nist.gov/vuln/detail/CVE-2018-4278):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4284 (https://nvd.nist.gov/vuln/detail/CVE-2018-4284):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2018-08-06 22:21:59 UTC

x86 stable

Comment 2 Agostino Sarubbo gentoo-dev

2018-08-07 12:22:58 UTC

amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 3 Mart Raudsepp gentoo-dev

2018-08-08 10:20:53 UTC

Cleanup of 2.20.3 was done, getting rid of 2.18 still needs ~ arches to keyword woff2 finally.

There is now a webkitgtk advisory that goes into more detail, plus has one CVE made public that was fixed in webkit-gtk 2.20.2 already and probably is missing from our earlier sets. Please update bug aliases and such as appropriate.

https://webkitgtk.org/security/WSA-2018-0006.html

Comment 4 Mikle Kolyada (RETIRED) archtester

2018-08-10 18:59:46 UTC

Added to existing glsa draft

Comment 5 GLSAMaker/CVETool Bot gentoo-dev

2018-08-22 21:29:24 UTC

This issue was resolved and addressed in
 GLSA 201808-04 at https://security.gentoo.org/glsa/201808-04
by GLSA coordinator Thomas Deutschmann (whissi).