According to WSA-2023-0008:

CVE-2023-28198
Versions affected: WebKitGTK and WPE WebKit before 2.40.1.
Credit to hazbinhotel working with Trend Micro Zero Day Initiative.
Impact: Processing web content may lead to arbitrary code execution.
Description: A use-after-free issue was addressed with improved memory management.

CVE-2023-32370
Versions affected: WebKitGTK and WPE WebKit before 2.40.1.
Credit to Gertjan Franken of imec-DistriNet, KU Leuven.
Impact: Content Security Policy to block domains with wildcards may fail.
Description: A logic issue was addressed with improved validation.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a3a0841120687c62c97e02dfd392564da420eec4

commit a3a0841120687c62c97e02dfd392564da420eec4
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-05 13:00:45 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-05 13:01:13 +0000

    [ GLSA 202401-04 ] WebKitGTK+: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/907818
    Bug: https://bugs.gentoo.org/909663
    Bug: https://bugs.gentoo.org/910656
    Bug: https://bugs.gentoo.org/918087
    Bug: https://bugs.gentoo.org/918099
    Bug: https://bugs.gentoo.org/919290
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-04.xml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)