Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 644128 - <net-libs/webkit-gtk-2.18.5: Spectre/Meltdown mitigation (CVE-2017-{5715,5753})
Summary: <net-libs/webkit-gtk-2.18.5: Spectre/Meltdown mitigation (CVE-2017-{5715,5753})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://webkitgtk.org/security/WSA-20...
Whiteboard: A4 [noglsa cve]
Keywords:
Depends on:
Blocks: CVE-2017-5715 CVE-2017-5753
  Show dependency tree
 
Reported: 2018-01-10 15:08 UTC by GLSAMaker/CVETool Bot
Modified: 2018-03-15 21:56 UTC (History)
1 user (show)

See Also:
Package list:
net-libs/webkit-gtk-2.18.5
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-01-10 15:08:47 UTC
CVE-2017-5753 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5753):
  Systems with microprocessors utilizing speculative execution and branch
  prediction may allow unauthorized disclosure of information to an attacker
  with local user access via a side-channel analysis.

CVE-2017-5715 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5715):
  Systems with microprocessors utilizing speculative execution and indirect
  branch prediction may allow unauthorized disclosure of information to an
  attacker with local user access via a side-channel analysis.
Comment 1 Larry the Git Cow gentoo-dev 2018-01-11 13:52:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=985a787359c84f142eb47005244b681ebc35b2be

commit 985a787359c84f142eb47005244b681ebc35b2be
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2018-01-11 13:52:15 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2018-01-11 13:52:15 +0000

    net-libs/webkit-gtk: security bump to 2.18.5 for Spectre mitigation
    
    Bug: https://bugs.gentoo.org/644128
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-libs/webkit-gtk/Manifest                 |   1 +
 net-libs/webkit-gtk/webkit-gtk-2.18.5.ebuild | 284 +++++++++++++++++++++++++++
 2 files changed, 285 insertions(+)}
Comment 2 Mart Raudsepp gentoo-dev 2018-01-11 14:06:38 UTC
Not sure why Meltdown is mentioned in summary. Also my summary change to mention the version now reads odd, as if earlier has mitigation, due to the backwards way with mitigations
Comment 3 Thomas Deutschmann gentoo-dev Security 2018-01-11 20:11:29 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2018-01-14 15:31:27 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 5 Larry the Git Cow gentoo-dev 2018-01-15 18:20:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f29a87fb51e655797c146b3f5120c47401572a5a

commit f29a87fb51e655797c146b3f5120c47401572a5a
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2018-01-15 18:19:13 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2018-01-15 18:19:13 +0000

    net-libs/webkit-gtk: security cleanup
    
    Bug: https://bugs.gentoo.org/644128
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-libs/webkit-gtk/Manifest                 |   1 -
 net-libs/webkit-gtk/webkit-gtk-2.18.4.ebuild | 284 ---------------------------
 2 files changed, 285 deletions(-)}
Comment 6 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-03-15 21:56:51 UTC
GLSA Vote: No

marking as FIXED.

Thank you