Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 678334 (WSA-2019-0001)

Summary: <net-libs/webkit-gtk-2.22.6: multiple vulnerabilities (WSA-2019-0001)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: gnome
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://webkitgtk.org/security/WSA-2019-0001.html
Whiteboard: A2 [glsa+ cve]
Package list:
net-libs/webkit-gtk-2.22.6
 Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2019-02-18 21:31:09 UTC 
CVE-2019-6212 (https://nvd.nist.gov/vuln/detail/CVE-2019-6212):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-6215 (https://nvd.nist.gov/vuln/detail/CVE-2019-6215):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-6216 (https://nvd.nist.gov/vuln/detail/CVE-2019-6216):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-6217 (https://nvd.nist.gov/vuln/detail/CVE-2019-6217):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-6226 (https://nvd.nist.gov/vuln/detail/CVE-2019-6226):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-6227 (https://nvd.nist.gov/vuln/detail/CVE-2019-6227):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-6229 (https://nvd.nist.gov/vuln/detail/CVE-2019-6229):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-6233 (https://nvd.nist.gov/vuln/detail/CVE-2019-6233):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-6234 (https://nvd.nist.gov/vuln/detail/CVE-2019-6234):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-02-19 18:48:26 UTC 
x86 stable
Comment 2 Agostino Sarubbo gentoo-dev 2019-02-19 20:21:49 UTC 
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2019-03-07 21:58:46 UTC 
- CVE-2019-6212: Fixed multiple memory corruption vulnerabilities which
     could allow arbitrary code execution during the processing
     of special crafted web-content.
- CVE-2019-6215: Fixed a type confusion vulnerability which could allow
     arbitrary code execution during the processing
     of special crafted web-content.
- CVE-2019-6216: Fixed multiple memory corruption vulnerabilities which
     could allow arbitrary code execution during the processing
     of special crafted web-content.
- CVE-2019-6217: Fixed multiple memory corruption vulnerabilities which
     could allow arbitrary code execution during the processing
     of special crafted web-content.
- CVE-2019-6226: Fixed multiple memory corruption vulnerabilities which
     could allow arbitrary code execution during the processing
     of special crafted web-content.
- CVE-2019-6227: Fixed a memory corruption vulnerability which could allow
     arbitrary code execution during the processing
     of special crafted web-content.
- CVE-2019-6229: Fixed a logic issue by improving validation which could
     allow arbitrary code execution during the processing
     of special crafted web-content.
- CVE-2019-6233: Fixed a memory corruption vulnerability which could allow
     arbitrary code execution during the processing
     of special crafted web-content.
- CVE-2019-6234: Fixed a memory corruption vulnerability which could allow
     arbitrary code execution during the processing
     of special crafted web-content.

--
Arches and Maintainer(s), Thank you for your work.
New GLSA Request filed.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2019-03-14 01:38:37 UTC 
This issue was resolved and addressed in
 GLSA 201903-12 at https://security.gentoo.org/glsa/201903-12
by GLSA coordinator Aaron Bauman (b-man).