Bug 693122 (CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, WSA-2019-0004)

Summary:	<net-libs/webkit-gtk-2.24.4: multiple vulnerabilities (WSA-2019-0004)
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	gnome
Priority:	Normal	Flags:	stable-bot: sanity-check+
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://webkitgtk.org/security/WSA-2019-0004.html
Whiteboard:	A2 [glsa+ cve]
Package list:	net-libs/webkit-gtk-2.24.4	Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2019-08-30 14:19:51 UTC

CVE-2019-8644 (https://nvd.nist.gov/vuln/detail/CVE-2019-8644):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8649 (https://nvd.nist.gov/vuln/detail/CVE-2019-8649):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8658 (https://nvd.nist.gov/vuln/detail/CVE-2019-8658):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8666 (https://nvd.nist.gov/vuln/detail/CVE-2019-8666):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8669 (https://nvd.nist.gov/vuln/detail/CVE-2019-8669):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8671 (https://nvd.nist.gov/vuln/detail/CVE-2019-8671):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8672 (https://nvd.nist.gov/vuln/detail/CVE-2019-8672):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8673 (https://nvd.nist.gov/vuln/detail/CVE-2019-8673):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8676 (https://nvd.nist.gov/vuln/detail/CVE-2019-8676):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8677 (https://nvd.nist.gov/vuln/detail/CVE-2019-8677):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8678 (https://nvd.nist.gov/vuln/detail/CVE-2019-8678):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8679 (https://nvd.nist.gov/vuln/detail/CVE-2019-8679):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8680 (https://nvd.nist.gov/vuln/detail/CVE-2019-8680):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8681 (https://nvd.nist.gov/vuln/detail/CVE-2019-8681):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8683 (https://nvd.nist.gov/vuln/detail/CVE-2019-8683):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8684 (https://nvd.nist.gov/vuln/detail/CVE-2019-8684):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8686 (https://nvd.nist.gov/vuln/detail/CVE-2019-8686):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8687 (https://nvd.nist.gov/vuln/detail/CVE-2019-8687):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8688 (https://nvd.nist.gov/vuln/detail/CVE-2019-8688):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8689 (https://nvd.nist.gov/vuln/detail/CVE-2019-8689):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8690 (https://nvd.nist.gov/vuln/detail/CVE-2019-8690):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

Comment 1 Larry the Git Cow gentoo-dev

2019-08-30 20:07:04 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=397ca5618acd3a4a54a564e68437e51792e725ee

commit 397ca5618acd3a4a54a564e68437e51792e725ee
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-08-30 20:06:27 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-08-30 20:06:44 +0000

    net-libs/webkit-gtk: security bump to 2.24.4
    
    Bug: https://bugs.gentoo.org/693122
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 net-libs/webkit-gtk/Manifest                 |   1 +
 net-libs/webkit-gtk/webkit-gtk-2.24.4.ebuild | 281 +++++++++++++++++++++++++++
 2 files changed, 282 insertions(+)

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2019-09-01 21:10:04 UTC

arm64 stable

Comment 3 Agostino Sarubbo gentoo-dev

2019-09-02 10:16:19 UTC

x86 stable

Comment 4 Agostino Sarubbo gentoo-dev

2019-09-02 13:24:41 UTC

amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 5 Larry the Git Cow gentoo-dev

2019-09-02 14:14:08 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd95ecc7338b510f8beb3c559c630721885e75e7

commit fd95ecc7338b510f8beb3c559c630721885e75e7
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-09-02 14:09:01 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-09-02 14:09:01 +0000

    net-libs/webkit-gtk: security cleanup
    
    Bug: https://bugs.gentoo.org/693122
    Package-Manager: Portage-2.3.69, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 net-libs/webkit-gtk/Manifest                 |   1 -
 net-libs/webkit-gtk/webkit-gtk-2.24.3.ebuild | 281 ---------------------------
 2 files changed, 282 deletions(-)

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2019-09-06 16:18:45 UTC

This issue was resolved and addressed in
 GLSA 201909-05 at https://security.gentoo.org/glsa/201909-05
by GLSA coordinator Thomas Deutschmann (whissi).