Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 829723 (CVE-2021-30887, CVE-2021-30890) - <net-libs/webkit-gtk-2.34.3: multiple vulnerabilities
Summary: <net-libs/webkit-gtk-2.34.3: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2021-30887, CVE-2021-30890
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://webkitgtk.org/security/WSA-20...
Whiteboard: A4 [glsa+]
Keywords:
Depends on: 830597
Blocks: CVE-2021-42762 CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851, CVE-2021-30884, CVE-2021-30888, CVE-2021-30889, CVE-2021-30897, WSA-2021-0006
  Show dependency tree
 
Reported: 2021-12-20 19:43 UTC by John Helmert III
Modified: 2022-02-01 03:41 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-20 19:43:38 UTC
CVE-2021-30887
    Versions affected: WebKitGTK and WPE WebKit before 2.34.3.
    Credit to Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd.
    Impact: Processing maliciously crafted web content may lead to
    unexpectedly unenforced Content Security Policy. Description: A
    logic issue was addressed with improved restrictions.

CVE-2021-30890
    Versions affected: WebKitGTK and WPE WebKit before 2.34.3.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    universal cross site scripting. Description: A logic issue was
    addressed with improved state management.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-20 19:43:55 UTC
Please bump to 2.34.3.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-01 03:41:08 UTC
commit d2418b0a913a694a55e21440268b44301931867c
Author: John Helmert III <ajak@gentoo.org>
Date:   Mon Jan 31 21:31:04 2022 -0600

    [ GLSA 202202-01 ] WebkitGTK+: Multiple vulnerabilities

    Signed-off-by: John Helmert III <ajak@gentoo.org>

All done!