| Summary: | <net-libs/webkit-gtk-2.36.8: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://webkitgtk.org/security/WSA-2022-0009.html | | |
| Whiteboard: | A2 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 879809 | | |
| Bug Blocks: | | | |

Description
John Helmert III
2022-09-19 16:03:04 UTC
Sorry, already in tree, so please stabilize (and thanks for the quick bump!)

CVE-2022-32912 has been told to not be affecting Linux:
https://mail.gnome.org/archives/distributor-list/2022-September/msg00001.html

(In reply to Mart Raudsepp from comment #2)
> CVE-2022-32912 has been told to not be affecting Linux:
> https://mail.gnome.org/archives/distributor-list/2022-September/msg00001.html

Feel free to change alias as necessary in these kinds of situations

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f2ad6c822d2d64da4ebcb1f90b23c9f78bbbd91

commit 5f2ad6c822d2d64da4ebcb1f90b23c9f78bbbd91
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-12-19 19:59:48 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-12-19 21:11:40 +0000

    net-libs/webkit-gtk: Drop old versions

    Bug: https://bugs.gentoo.org/871732
    Bug: https://bugs.gentoo.org/879571
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest | 1 -
 net-libs/webkit-gtk/webkit-gtk-2.36.7.ebuild | 250 ---------------------------
 2 files changed, 251 deletions(-)

Thanks!

From WSA-2023-0003 (https://webkitgtk.org/security/WSA-2023-0003.html):

CVE-2023-25358
Versions affected: WebKitGTK and WPE WebKit before 2.36.8.
Credit to Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab.
A use-after-free vulnerability exists in WebCore::RenderLayer. This issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. This is the same issue as CVE-2023-25360, CVE-2023-25361, CVE-2023-25362 and CVE-2023-25363.

GLSA request filed.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a8dea8203b3b4b4cca0bdebe02a9a8ea505ae935

commit a8dea8203b3b4b4cca0bdebe02a9a8ea505ae935
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-30 03:01:57 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-30 03:05:03 +0000

    [ GLSA 202305-32 ] WebKitGTK+: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/871732
    Bug: https://bugs.gentoo.org/879571
    Bug: https://bugs.gentoo.org/888563
    Bug: https://bugs.gentoo.org/905346
    Bug: https://bugs.gentoo.org/905349
    Bug: https://bugs.gentoo.org/905351
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202305-32.xml | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)

GLSA released, all done!