
Bug 829723 (CVE-2021-30887, CVE-2021-30890)

Summary: <net-libs/webkit-gtk-2.34.3: multiple vulnerabilities
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: gnome
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://webkitgtk.org/security/WSA-2021-0007.html
Whiteboard: A4 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 830597    
Bug Blocks: 819522, 820434    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-20 19:43:38 UTC
CVE-2021-30887
    Versions affected: WebKitGTK and WPE WebKit before 2.34.3.
    Credit to Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd.
    Impact: Processing maliciously crafted web content may lead to
    unexpectedly unenforced Content Security Policy. Description: A
    logic issue was addressed with improved restrictions.

CVE-2021-30890
    Versions affected: WebKitGTK and WPE WebKit before 2.34.3.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    universal cross site scripting. Description: A logic issue was
    addressed with improved state management.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-20 19:43:55 UTC
Please bump to 2.34.3.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-01 03:41:08 UTC
commit d2418b0a913a694a55e21440268b44301931867c
Author: John Helmert III <ajak@gentoo.org>
Date:   Mon Jan 31 21:31:04 2022 -0600

    [ GLSA 202202-01 ] WebkitGTK+: Multiple vulnerabilities

    Signed-off-by: John Helmert III <ajak@gentoo.org>

All done!