I don't have much time now to bump them but... to let people know (and work on it if they have enough time...) What's new in the WebKitGTK+ 2.4.8 release? =========================================== - Fix SSL connection issues with some websites after the POODLE vulnerability fix. - Fix a crash when loading flash plugins. - Fix build on GNU Hurd - Fix build on OS X. - Fix documentation of webkit_print_operation_get_page_setup(). - Security fixes: CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390.
CVE-2014-1390 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1390): WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. CVE-2014-1389 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1389): WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. CVE-2014-1388 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1388): WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. CVE-2014-1387 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1387): WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. CVE-2014-1386 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1386): WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. CVE-2014-1385 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1385): WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. CVE-2014-1384 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1384): WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in HT6367. CVE-2014-1344 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1344): WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.
+*webkit-gtk-2.4.8 (14 Jan 2015) +*webkit-gtk-2.4.8-r200 (14 Jan 2015) + + 14 Jan 2015; Pacho Ramos <pacho@gentoo.org> +webkit-gtk-2.4.8-r200.ebuild, + +webkit-gtk-2.4.8.ebuild: + Version bump + That two versions should be stabilized
Arches, please test and mark stable: =net-libs/webkit-gtk-2.4.8 =net-libs/webkit-gtk-2.4.8-r200 Target keywords : "amd64 x86"
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
just cleaned
Arches and Maintainer(s), Thank you for your work. GLSA Vote: No
New GLSA Request filed.
This issue was resolved and addressed in GLSA 201601-02 at https://security.gentoo.org/glsa/201601-02 by GLSA coordinator Kristian Fiskerstrand (K_F).