Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 833568 (CVE-2022-22620, WSA-2022-0003)

Summary: <net-libs/webkit-gtk-2.34.6: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://webkitgtk.org/security/WSA-2022-0003.html
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 833923    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-17 21:05:06 UTC
"Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2022-22620
    Versions affected: WebKitGTK and WPE WebKit before 2.34.6.
    Credit to an anonymous researcher.
    Impact: processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management."

Please bump to 2.34.6.
Comment 1 Larry the Git Cow gentoo-dev 2022-02-18 03:44:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f103767bfcbc3d7e664111ddb822ffea35975b35

commit f103767bfcbc3d7e664111ddb822ffea35975b35
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-02-18 03:41:25 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-02-18 03:44:15 +0000

    net-libs/webkit-gtk: Version bump to 2.34.6
    
    Bug: https://bugs.gentoo.org/833568
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest                 |   1 +
 net-libs/webkit-gtk/webkit-gtk-2.34.6.ebuild | 272 +++++++++++++++++++++++++++
 2 files changed, 273 insertions(+)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-02-18 03:50:08 UTC
Thanks! Please stable when ready!
Comment 3 Larry the Git Cow gentoo-dev 2022-04-20 02:33:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4249de5dfd23a1ba0ec24efea124ce21a45b97e7

commit 4249de5dfd23a1ba0ec24efea124ce21a45b97e7
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-04-20 02:32:49 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-04-20 02:33:09 +0000

    net-libs/webkit-gtk: Drop old versions
    
    Bug: https://bugs.gentoo.org/833568
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest                       |   1 -
 .../files/2.34.3-opengl-without-X-fixes.patch      |  46 ----
 net-libs/webkit-gtk/webkit-gtk-2.34.5.ebuild       | 273 ---------------------
 3 files changed, 320 deletions(-)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-20 14:17:12 UTC
Thanks Matt!
Comment 5 Larry the Git Cow gentoo-dev 2022-08-31 23:57:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1d278bb93fbf8fdb34ef9c125c5f4536e11c15d7

commit 1d278bb93fbf8fdb34ef9c125c5f4536e11c15d7
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-31 23:54:04 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-31 23:56:59 +0000

    [ GLSA 202208-39 ] WebKitGTK+: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/832990
    Bug: https://bugs.gentoo.org/833568
    Bug: https://bugs.gentoo.org/837305
    Bug: https://bugs.gentoo.org/839984
    Bug: https://bugs.gentoo.org/845252
    Bug: https://bugs.gentoo.org/856445
    Bug: https://bugs.gentoo.org/861740
    Bug: https://bugs.gentoo.org/864427
    Bug: https://bugs.gentoo.org/866494
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-39.xml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)