CVE-2017-1000122 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000122): The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products. CVE-2017-1000121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000121): The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.
@Maintainers please confirm if we are affected by this vulnerabilities. Thank you.
2.16.3 and newer is safe per https://webkitgtk.org/security/WSA-2017-0007.html
Thank you, nothing else to do here then. GLSA Vote: No