Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 536234 (CVE-2014-1344) - <net-libs/webkit-gtk-{2.4.8,2.4.8-r200}: Security fixes (CVE-2014-{1344,1384,1385,1386,1387,1388,1389,1390})
Summary: <net-libs/webkit-gtk-{2.4.8,2.4.8-r200}: Security fixes (CVE-2014-{1344,1384,...
Status: RESOLVED FIXED
Alias: CVE-2014-1344
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa]
Keywords:
Depends on: 536898
Blocks:
  Show dependency tree
 
Reported: 2015-01-10 17:22 UTC by Pacho Ramos
Modified: 2016-01-26 19:50 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Pacho Ramos gentoo-dev 2015-01-10 17:22:50 UTC
I don't have much time now to bump them but... to let people know (and work on it if they have enough time...)

What's new in the WebKitGTK+ 2.4.8 release?
===========================================

  - Fix SSL connection issues with some websites after the POODLE vulnerability fix.
  - Fix a crash when loading flash plugins.
  - Fix build on GNU Hurd
  - Fix build on OS X.
  - Fix documentation of webkit_print_operation_get_page_setup().
  - Security fixes: CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1386,
    CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2015-01-10 17:30:34 UTC
CVE-2014-1390 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1390):
  WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
  remote attackers to execute arbitrary code or cause a denial of service
  (memory corruption and application crash) via a crafted web site, a
  different vulnerability than other WebKit CVEs listed in HT6367.

CVE-2014-1389 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1389):
  WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
  remote attackers to execute arbitrary code or cause a denial of service
  (memory corruption and application crash) via a crafted web site, a
  different vulnerability than other WebKit CVEs listed in HT6367.

CVE-2014-1388 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1388):
  WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
  remote attackers to execute arbitrary code or cause a denial of service
  (memory corruption and application crash) via a crafted web site, a
  different vulnerability than other WebKit CVEs listed in HT6367.

CVE-2014-1387 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1387):
  WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
  remote attackers to execute arbitrary code or cause a denial of service
  (memory corruption and application crash) via a crafted web site, a
  different vulnerability than other WebKit CVEs listed in HT6367.

CVE-2014-1386 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1386):
  WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
  remote attackers to execute arbitrary code or cause a denial of service
  (memory corruption and application crash) via a crafted web site, a
  different vulnerability than other WebKit CVEs listed in HT6367.

CVE-2014-1385 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1385):
  WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
  remote attackers to execute arbitrary code or cause a denial of service
  (memory corruption and application crash) via a crafted web site, a
  different vulnerability than other WebKit CVEs listed in HT6367.

CVE-2014-1384 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1384):
  WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
  remote attackers to execute arbitrary code or cause a denial of service
  (memory corruption and application crash) via a crafted web site, a
  different vulnerability than other WebKit CVEs listed in HT6367.

CVE-2014-1344 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1344):
  WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows
  remote attackers to execute arbitrary code or cause a denial of service
  (memory corruption and application crash) via a crafted web site, a
  different vulnerability than other WebKit CVEs listed in
  APPLE-SA-2014-05-21-1.
Comment 2 Pacho Ramos gentoo-dev 2015-01-14 22:22:24 UTC
+*webkit-gtk-2.4.8 (14 Jan 2015)
+*webkit-gtk-2.4.8-r200 (14 Jan 2015)
+
+  14 Jan 2015; Pacho Ramos <pacho@gentoo.org> +webkit-gtk-2.4.8-r200.ebuild,
+  +webkit-gtk-2.4.8.ebuild:
+  Version bump
+

That two versions should be stabilized
Comment 3 Agostino Sarubbo gentoo-dev 2015-01-15 09:01:21 UTC
Arches, please test and mark stable:
=net-libs/webkit-gtk-2.4.8
=net-libs/webkit-gtk-2.4.8-r200
Target keywords : "amd64 x86"
Comment 4 Agostino Sarubbo gentoo-dev 2015-01-25 11:14:00 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2015-01-25 11:14:50 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 6 Pacho Ramos gentoo-dev 2015-01-25 12:00:55 UTC
just cleaned
Comment 7 Yury German Gentoo Infrastructure gentoo-dev Security 2015-04-22 20:43:24 UTC
Arches and Maintainer(s), Thank you for your work.

GLSA Vote: No
Comment 8 Yury German Gentoo Infrastructure gentoo-dev Security 2015-04-22 20:45:03 UTC
New GLSA Request filed.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2016-01-26 19:50:50 UTC
This issue was resolved and addressed in
 GLSA 201601-02 at https://security.gentoo.org/glsa/201601-02
by GLSA coordinator Kristian Fiskerstrand (K_F).