Description: "CVE-2022-42852 Versions affected: WebKitGTK and WPE WebKit before 2.38.3. Credit to hazbinhotel working with Trend Micro Zero Day Initiative. Impact: Processing maliciously crafted web content may result in the disclosure of process memory. Description: The issue was addressed with improved memory handling. CVE-2022-42856 Versions affected: WebKitGTK and WPE WebKit before 2.38.3. Credit to Clément Lecigne of Google's Threat Analysis Group. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A type confusion issue was addressed with improved state handling. CVE-2022-42867 Versions affected: WebKitGTK and WPE WebKit before 2.38.3. Credit to Maddie Stone of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free issue was addressed with improved memory management. CVE-2022-46692 Versions affected: WebKitGTK and WPE WebKit before 2.38.3. Credit to KirtiKumar Anandrao Ramchandani. Impact: Processing maliciously crafted web content may bypass Same Origin Policy. Description: A logic issue was addressed with improved state management. CVE-2022-46698 Versions affected: WebKitGTK and WPE WebKit before 2.38.3. Credit to Dohyun Lee (@l33d0hyun) of DNSLab at Korea University, Ryan Shin of IAAI SecLab at Korea University. Impact: Processing maliciously crafted web content may disclose sensitive user information. Description: A logic issue was addressed with improved checks. CVE-2022-46699 Versions affected: WebKitGTK and WPE WebKit before 2.38.3. Credit to Samuel Groß of Google V8 Security. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. CVE-2022-46700 Versions affected: WebKitGTK and WPE WebKit before 2.38.3. Credit to Samuel Groß of Google V8 Security. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved input validation."
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f1279036efde4a92f96f8d94e533e71aaa60c0b commit 2f1279036efde4a92f96f8d94e533e71aaa60c0b Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2023-02-20 17:01:25 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2023-02-20 17:32:20 +0000 net-libs/webkit-gtk: Drop old versions Bug: https://bugs.gentoo.org/888563 Signed-off-by: Matt Turner <mattst88@gentoo.org> net-libs/webkit-gtk/Manifest | 2 - net-libs/webkit-gtk/webkit-gtk-2.38.2-r410.ebuild | 263 --------------------- net-libs/webkit-gtk/webkit-gtk-2.38.2-r500.ebuild | 259 --------------------- net-libs/webkit-gtk/webkit-gtk-2.38.2.ebuild | 253 --------------------- net-libs/webkit-gtk/webkit-gtk-2.38.4-r410.ebuild | 264 ---------------------- net-libs/webkit-gtk/webkit-gtk-2.38.4-r500.ebuild | 259 --------------------- net-libs/webkit-gtk/webkit-gtk-2.38.4.ebuild | 254 --------------------- 7 files changed, 1554 deletions(-)
GLSA request filed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a8dea8203b3b4b4cca0bdebe02a9a8ea505ae935 commit a8dea8203b3b4b4cca0bdebe02a9a8ea505ae935 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-30 03:01:57 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-05-30 03:05:03 +0000 [ GLSA 202305-32 ] WebKitGTK+: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/871732 Bug: https://bugs.gentoo.org/879571 Bug: https://bugs.gentoo.org/888563 Bug: https://bugs.gentoo.org/905346 Bug: https://bugs.gentoo.org/905349 Bug: https://bugs.gentoo.org/905351 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202305-32.xml | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+)
GLSA released, all done!