Incoming details.
------------------------------------------------------------------------
WebKitGTK+ Security Advisory                               WSA-2017-0010
------------------------------------------------------------------------

Date reported      : December 19, 2017
Advisory ID        : WSA-2017-0010
Advisory URL       : https://webkitgtk.org/security/WSA-2017-0010.html
CVE identifiers    : CVE-2017-7156, CVE-2017-7157, CVE-2017-13856,
                     CVE-2017-13866, CVE-2017-13870.

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2017-7156
    Versions affected: WebKitGTK+ before 2.18.4.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution.
    Description: Multiple memory corruption issues were addressed with
    improved memory handling.

CVE-2017-7157
    Versions affected: WebKitGTK+ before 2.18.1.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution.
    Description: Multiple memory corruption issues were addressed with
    improved memory handling.

CVE-2017-13856
    Versions affected: WebKitGTK+ before 2.18.4.
    Credit to Jeonghoon Shin.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution.
    Description: Multiple memory corruption issues were addressed with
    improved memory handling.

CVE-2017-13866
    Versions affected: WebKitGTK+ before 2.18.4.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution.
    Description: Multiple memory corruption issues were addressed with
    improved memory handling.

CVE-2017-13870
    Versions affected: WebKitGTK+ before 2.18.4.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution.
    Description: Multiple memory corruption issues were addressed with
    improved memory handling.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2037d637f2b5fa504fad32fa8628044050ffb603

commit 2037d637f2b5fa504fad32fa8628044050ffb603
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2017-12-20 13:54:53 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2017-12-20 13:58:54 +0000

    net-libs/webkit-gtk: security bump to 2.18.4

    Bug: https://bugs.gentoo.org/641752
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-libs/webkit-gtk/Manifest                 |   1 +
 net-libs/webkit-gtk/webkit-gtk-2.18.4.ebuild | 284 +++++++++++++++++++++++++++
 2 files changed, 285 insertions(+)
x86 stable
amd64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e7e9386980fdf244980b36ef60bf7f050094848

commit 1e7e9386980fdf244980b36ef60bf7f050094848
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2017-12-27 20:23:58 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2017-12-27 20:23:58 +0000

    net-libs/webkit-gtk: security cleanup

    Bug: https://bugs.gentoo.org/641752
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-libs/webkit-gtk/Manifest                 |   1 -
 net-libs/webkit-gtk/webkit-gtk-2.18.3.ebuild | 284 ---------------------------
 2 files changed, 285 deletions(-)
New GLSA request filed. Gentoo Security Padawan (Jmbailey/mbailey_j)
This issue was resolved and addressed in GLSA 201801-09 at https://security.gentoo.org/glsa/201801-09 by GLSA coordinator Aaron Bauman (b-man).