Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 686216 (CVE-2019-8595, CVE-2019-8607, CVE-2019-8615)

Summary: <net-libs/webkit-gtk-2.24.2: multiple vulnerabilities
Product: Gentoo Security Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: gnome
Priority: Normal Keywords: STABLEREQ
Version: unspecifiedFlags: stable-bot: sanity-check+
Hardware: All   
OS: Linux   
URL: https://webkitgtk.org/2019/05/17/webkitgtk2.24.2-released.html
Whiteboard: A3 [glsa+ cve]
Package list:
net-libs/webkit-gtk-2.24.2
Runtime testing required: ---

Description D'juan McDonald (domhnall) 2019-05-18 12:16:07 UTC
Security fixes [for]: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615.

CVE-2019-8595
Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8607
An out-of-bounds read was addressed with improved input validation.

CVE-2019-8615
Multiple memory corruption issues were addressed with improved memory handling.



Gentoo Security Padawan
(domhnall)
Comment 1 Thomas Deutschmann gentoo-dev Security 2019-05-19 13:19:44 UTC
x86 stable
Comment 2 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-05-19 19:58:31 UTC
amd64 stable
Comment 3 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-05-19 20:01:51 UTC
amd64 stable
Comment 4 Thomas Deutschmann gentoo-dev Security 2019-09-06 15:44:19 UTC
Added to an existing GLSA.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2019-09-06 16:18:37 UTC
This issue was resolved and addressed in
 GLSA 201909-05 at https://security.gentoo.org/glsa/201909-05
by GLSA coordinator Thomas Deutschmann (whissi).