Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 693122 (CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, WSA-2019-0004) - <net-libs/webkit-gtk-2.24.4: multiple vulnerabilities (WSA-2019-0004)
Summary: <net-libs/webkit-gtk-2.24.4: multiple vulnerabilities (WSA-2019-0004)
Status: RESOLVED FIXED
Alias: CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, WSA-2019-0004
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://webkitgtk.org/security/WSA-20...
Whiteboard: A2 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-08-30 14:19 UTC by GLSAMaker/CVETool Bot
Modified: 2019-09-06 16:18 UTC (History)
1 user (show)

See Also:
Package list:
net-libs/webkit-gtk-2.24.4
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-08-30 14:19:51 UTC
CVE-2019-8644 (https://nvd.nist.gov/vuln/detail/CVE-2019-8644):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8649 (https://nvd.nist.gov/vuln/detail/CVE-2019-8649):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8658 (https://nvd.nist.gov/vuln/detail/CVE-2019-8658):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8666 (https://nvd.nist.gov/vuln/detail/CVE-2019-8666):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8669 (https://nvd.nist.gov/vuln/detail/CVE-2019-8669):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8671 (https://nvd.nist.gov/vuln/detail/CVE-2019-8671):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8672 (https://nvd.nist.gov/vuln/detail/CVE-2019-8672):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8673 (https://nvd.nist.gov/vuln/detail/CVE-2019-8673):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8676 (https://nvd.nist.gov/vuln/detail/CVE-2019-8676):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8677 (https://nvd.nist.gov/vuln/detail/CVE-2019-8677):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8678 (https://nvd.nist.gov/vuln/detail/CVE-2019-8678):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8679 (https://nvd.nist.gov/vuln/detail/CVE-2019-8679):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8680 (https://nvd.nist.gov/vuln/detail/CVE-2019-8680):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8681 (https://nvd.nist.gov/vuln/detail/CVE-2019-8681):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8683 (https://nvd.nist.gov/vuln/detail/CVE-2019-8683):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8684 (https://nvd.nist.gov/vuln/detail/CVE-2019-8684):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8686 (https://nvd.nist.gov/vuln/detail/CVE-2019-8686):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8687 (https://nvd.nist.gov/vuln/detail/CVE-2019-8687):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8688 (https://nvd.nist.gov/vuln/detail/CVE-2019-8688):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8689 (https://nvd.nist.gov/vuln/detail/CVE-2019-8689):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2019-8690 (https://nvd.nist.gov/vuln/detail/CVE-2019-8690):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.
Comment 1 Larry the Git Cow gentoo-dev 2019-08-30 20:07:04 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=397ca5618acd3a4a54a564e68437e51792e725ee

commit 397ca5618acd3a4a54a564e68437e51792e725ee
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-08-30 20:06:27 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-08-30 20:06:44 +0000

    net-libs/webkit-gtk: security bump to 2.24.4
    
    Bug: https://bugs.gentoo.org/693122
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 net-libs/webkit-gtk/Manifest                 |   1 +
 net-libs/webkit-gtk/webkit-gtk-2.24.4.ebuild | 281 +++++++++++++++++++++++++++
 2 files changed, 282 insertions(+)
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-09-01 21:10:04 UTC
arm64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2019-09-02 10:16:19 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-09-02 13:24:41 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 5 Larry the Git Cow gentoo-dev 2019-09-02 14:14:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd95ecc7338b510f8beb3c559c630721885e75e7

commit fd95ecc7338b510f8beb3c559c630721885e75e7
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2019-09-02 14:09:01 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2019-09-02 14:09:01 +0000

    net-libs/webkit-gtk: security cleanup
    
    Bug: https://bugs.gentoo.org/693122
    Package-Manager: Portage-2.3.69, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 net-libs/webkit-gtk/Manifest                 |   1 -
 net-libs/webkit-gtk/webkit-gtk-2.24.3.ebuild | 281 ---------------------------
 2 files changed, 282 deletions(-)
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2019-09-06 16:18:45 UTC
This issue was resolved and addressed in
 GLSA 201909-05 at https://security.gentoo.org/glsa/201909-05
by GLSA coordinator Thomas Deutschmann (whissi).