Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 829723 (CVE-2021-30887, CVE-2021-30890) - <net-libs/webkit-gtk-2.34.3: multiple vulnerabilities
Summary: <net-libs/webkit-gtk-2.34.3: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2021-30887, CVE-2021-30890
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://webkitgtk.org/security/WSA-20...
Whiteboard: A4 [glsa+]
Keywords:
Depends on: 830597
Blocks: CVE-2021-42762 CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851, CVE-2021-30884, CVE-2021-30888, CVE-2021-30889, CVE-2021-30897, WSA-2021-0006
  Show dependency tree
 
Reported: 2021-12-20 19:43 UTC by John Helmert III
Modified: 2022-02-01 03:41 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-20 19:43:38 UTC 
CVE-2021-30887
    Versions affected: WebKitGTK and WPE WebKit before 2.34.3.
    Credit to Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd.
    Impact: Processing maliciously crafted web content may lead to
    unexpectedly unenforced Content Security Policy. Description: A
    logic issue was addressed with improved restrictions.

CVE-2021-30890
    Versions affected: WebKitGTK and WPE WebKit before 2.34.3.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    universal cross site scripting. Description: A logic issue was
    addressed with improved state management.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-20 19:43:55 UTC 
Please bump to 2.34.3.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-01 03:41:08 UTC 
commit d2418b0a913a694a55e21440268b44301931867c
Author: John Helmert III <ajak@gentoo.org>
Date:   Mon Jan 31 21:31:04 2022 -0600

    [ GLSA 202202-01 ] WebkitGTK+: Multiple vulnerabilities

    Signed-off-by: John Helmert III <ajak@gentoo.org>

All done!