CVE-2020-13558: Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: An use after free issue in the AudioSourceProviderGStreamer class was addressed with improved memory management. Fixed in 2.30.5, please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fbec848dd4cee78c72e9702952e82229d0a0440c commit fbec848dd4cee78c72e9702952e82229d0a0440c Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2021-02-18 22:44:40 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2021-02-18 22:44:40 +0000 net-libs/webkit-gtk: security bump to 2.30.5 Bug: https://bugs.gentoo.org/770793 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Mart Raudsepp <leio@gentoo.org> net-libs/webkit-gtk/Manifest | 1 + net-libs/webkit-gtk/webkit-gtk-2.30.5.ebuild | 300 +++++++++++++++++++++++++++ 2 files changed, 301 insertions(+)
x86 stable
ppc64 done
arm64 done
arm done
amd64 done all arches done
Please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d357471062a5ed1dacf0662ac581bb79388ff92 commit 3d357471062a5ed1dacf0662ac581bb79388ff92 Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2021-02-20 09:44:50 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2021-02-20 09:44:50 +0000 net-libs/webkit-gtk: security cleanup Bug: https://bugs.gentoo.org/770793 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Mart Raudsepp <leio@gentoo.org> net-libs/webkit-gtk/Manifest | 2 - net-libs/webkit-gtk/files/2.30.3-icu68.patch | 179 -------------- net-libs/webkit-gtk/webkit-gtk-2.30.3.ebuild | 297 ----------------------- net-libs/webkit-gtk/webkit-gtk-2.30.4-r1.ebuild | 300 ------------------------ net-libs/webkit-gtk/webkit-gtk-2.30.4.ebuild | 296 ----------------------- 5 files changed, 1074 deletions(-)
Added to an existing GLSA.
This issue was resolved and addressed in GLSA 202104-03 at https://security.gentoo.org/glsa/202104-03 by GLSA coordinator Thomas Deutschmann (whissi).
