Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 843152

Summary: net-libs/webkit-gtk: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: major CC: gnome
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa?]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-07 14:45:49 UTC 
CVE-2022-30293 (https://bugs.webkit.org/show_bug.cgi?id=237187):

In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.

CVE-2022-30294 (https://bugs.webkit.org/show_bug.cgi?id=237188):

In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-free in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.

These are duplicates. There is a patch:

https://github.com/WebKit/WebKit/commit/fb8ed3d7e9868de82621015783d1f0cc1080b4e4

But I don't know how to parse those tags, so unsure if this has made it into a release.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-28 22:40:59 UTC 
2.36.3 has been released with fixes "several crashes and rendering issues" (read: multiple code execution issues).
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-01 15:38:29 UTC 
These are apparently in 2.36.1.

*** This bug has been marked as a duplicate of bug 839984 ***