Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 843152 - net-libs/webkit-gtk: multiple vulnerabilities
Summary: net-libs/webkit-gtk: multiple vulnerabilities
Status: RESOLVED DUPLICATE of bug 839984
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-05-07 14:45 UTC by John Helmert III
Modified: 2022-06-01 15:38 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-07 14:45:49 UTC 
CVE-2022-30293 (https://bugs.webkit.org/show_bug.cgi?id=237187):

In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.

CVE-2022-30294 (https://bugs.webkit.org/show_bug.cgi?id=237188):

In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-free in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.

These are duplicates. There is a patch:

https://github.com/WebKit/WebKit/commit/fb8ed3d7e9868de82621015783d1f0cc1080b4e4

But I don't know how to parse those tags, so unsure if this has made it into a release.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-28 22:40:59 UTC 
2.36.3 has been released with fixes "several crashes and rendering issues" (read: multiple code execution issues).
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-01 15:38:29 UTC 
These are apparently in 2.36.1.

*** This bug has been marked as a duplicate of bug 839984 ***