CVE-2020-9862:
Impact: Copying a URL from Web Inspector may lead to command injection.
Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.

CVE-2020-9893:
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Description: A use-after-free issue was addressed with improved memory management.

CVE-2020-9894:
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9895:
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Description: A use-after-free issue was addressed with improved memory management.

CVE-2020-9915:
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Description: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.

CVE-2020-9925:
Impact: Processing maliciously crafted web content may lead to universal cross site scripting.
Description: A logic issue was addressed with improved state management.

All are fixed by 2.28.4 according to $URL. Let's stable when ready?
arm64 stable
amd64 stable
x86 stable. Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e09a9c9cc6ff10e82e4d9a1f8bb6e896325ef029

commit e09a9c9cc6ff10e82e4d9a1f8bb6e896325ef029
Author: Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2020-07-30 21:17:26 +0000
Commit: Mart Raudsepp <leio@gentoo.org>
CommitDate: 2020-07-30 21:17:52 +0000

    net-libs/webkit-gtk: security cleanup

    Bug: https://bugs.gentoo.org/734584
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 net-libs/webkit-gtk/Manifest | 1 -
 .../webkit-gtk/files/2.28.3-non-jumbo-fix2.patch | 44 ----
 net-libs/webkit-gtk/webkit-gtk-2.28.3.ebuild | 290 ---------------------
 3 files changed, 335 deletions(-)
This issue was resolved and addressed in GLSA 202007-61 at https://security.gentoo.org/glsa/202007-61 by GLSA coordinator Sam James (sam_c).