Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 662974 (CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284)

Summary: <net-libs/webkit-gtk-2.20.4: multiple vulnerabilities
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: gnome
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://webkitgtk.org/security/WSA-2018-0006.html
Whiteboard: B2 [glsa+ cve cleanup]
Package list:
net-libs/webkit-gtk-2.20.4
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2018-08-06 19:19:27 UTC
CVE-2018-4261 (https://nvd.nist.gov/vuln/detail/CVE-2018-4261):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4262 (https://nvd.nist.gov/vuln/detail/CVE-2018-4262):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4263 (https://nvd.nist.gov/vuln/detail/CVE-2018-4263):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4264 (https://nvd.nist.gov/vuln/detail/CVE-2018-4264):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4265 (https://nvd.nist.gov/vuln/detail/CVE-2018-4265):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4266 (https://nvd.nist.gov/vuln/detail/CVE-2018-4266):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4267 (https://nvd.nist.gov/vuln/detail/CVE-2018-4267):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4270 (https://nvd.nist.gov/vuln/detail/CVE-2018-4270):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4272 (https://nvd.nist.gov/vuln/detail/CVE-2018-4272):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4273 (https://nvd.nist.gov/vuln/detail/CVE-2018-4273):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4278 (https://nvd.nist.gov/vuln/detail/CVE-2018-4278):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4284 (https://nvd.nist.gov/vuln/detail/CVE-2018-4284):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.
Comment 1 Thomas Deutschmann gentoo-dev Security 2018-08-06 22:21:59 UTC
x86 stable
Comment 2 Agostino Sarubbo gentoo-dev 2018-08-07 12:22:58 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 3 Mart Raudsepp gentoo-dev 2018-08-08 10:20:53 UTC
Cleanup of 2.20.3 was done, getting rid of 2.18 still needs ~ arches to keyword woff2 finally.

There is now a webkitgtk advisory that goes into more detail, plus has one CVE made public that was fixed in webkit-gtk 2.20.2 already and probably is missing from our earlier sets. Please update bug aliases and such as appropriate.

https://webkitgtk.org/security/WSA-2018-0006.html
Comment 4 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-08-10 18:59:46 UTC
Added to existing glsa draft
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2018-08-22 21:29:24 UTC
This issue was resolved and addressed in
 GLSA 201808-04 at https://security.gentoo.org/glsa/201808-04
by GLSA coordinator Thomas Deutschmann (whissi).