| Summary: | <net-libs/webkit-gtk-2.42.2: Denial of service in SVG handling | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | ajak, gnome |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://webkitgtk.org/security/WSA-2023-0012.html | ||
| Whiteboard: | A3 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 915222, 918667 | ||
| Bug Blocks: | |||
The somewhat esoteric slotting here is apparently breaking kuroneko, dropping the slots so kuroneko's cache will hopefully continue updating. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=27dbd0aa1207a04e72d0d05235473868999afb10 commit 27dbd0aa1207a04e72d0d05235473868999afb10 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2024-02-12 01:15:16 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2024-02-12 01:16:12 +0000 [ GLSA 202401-33 ] add missed bug Bug: https://bugs.gentoo.org/920664 Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202401-33.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) The stablereq in 920667 is for 2.42.4 while >=2.42.2 is already stable for bugs 915222 and 918667, so we're fixed here once this is GLSA'd. I've just amended the last GLSA to add this. |
CVE-2023-42883 Versions affected: WebKitGTK and WPE WebKit before 2.42.4. Credit to Zoom Offensive Security Team. Impact: Processing a SVG image may lead to a denial-of-service. Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 263349