Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 662974 (CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284) - <net-libs/webkit-gtk-2.20.4: multiple vulnerabilities
Summary: <net-libs/webkit-gtk-2.20.4: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://webkitgtk.org/security/WSA-20...
Whiteboard: B2 [glsa+ cve cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-06 19:19 UTC by GLSAMaker/CVETool Bot
Modified: 2018-08-22 21:29 UTC (History)
1 user (show)

See Also:
Package list:
net-libs/webkit-gtk-2.20.4
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-08-06 19:19:27 UTC 
CVE-2018-4261 (https://nvd.nist.gov/vuln/detail/CVE-2018-4261):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4262 (https://nvd.nist.gov/vuln/detail/CVE-2018-4262):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4263 (https://nvd.nist.gov/vuln/detail/CVE-2018-4263):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4264 (https://nvd.nist.gov/vuln/detail/CVE-2018-4264):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4265 (https://nvd.nist.gov/vuln/detail/CVE-2018-4265):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4266 (https://nvd.nist.gov/vuln/detail/CVE-2018-4266):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4267 (https://nvd.nist.gov/vuln/detail/CVE-2018-4267):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4270 (https://nvd.nist.gov/vuln/detail/CVE-2018-4270):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4272 (https://nvd.nist.gov/vuln/detail/CVE-2018-4272):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4273 (https://nvd.nist.gov/vuln/detail/CVE-2018-4273):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4278 (https://nvd.nist.gov/vuln/detail/CVE-2018-4278):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.

CVE-2018-4284 (https://nvd.nist.gov/vuln/detail/CVE-2018-4284):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-06 22:21:59 UTC 
x86 stable
Comment 2 Agostino Sarubbo gentoo-dev 2018-08-07 12:22:58 UTC 
amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 3 Mart Raudsepp gentoo-dev 2018-08-08 10:20:53 UTC 
Cleanup of 2.20.3 was done, getting rid of 2.18 still needs ~ arches to keyword woff2 finally.

There is now a webkitgtk advisory that goes into more detail, plus has one CVE made public that was fixed in webkit-gtk 2.20.2 already and probably is missing from our earlier sets. Please update bug aliases and such as appropriate.

https://webkitgtk.org/security/WSA-2018-0006.html
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-08-10 18:59:46 UTC 
Added to existing glsa draft
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2018-08-22 21:29:24 UTC 
This issue was resolved and addressed in
 GLSA 201808-04 at https://security.gentoo.org/glsa/201808-04
by GLSA coordinator Thomas Deutschmann (whissi).