"CVE-2022-0108 Versions affected: WebKitGTK and WPE WebKit before 2.38.6 and 2.40 branch before 2.40.1. Credit to Luan Herrera (@lbherrera_). Impact: An HTML document may be able to render iframes with sensitive user information. Description: This issue was addressed with improved iframe sandbox enforcement. CVE-2022-32885 Versions affected: WebKitGTK and WPE WebKit before 2.38.6 and 2.40 branch before 2.40.1. Credit to P1umer(@p1umer) and Q1IQ(@q1iqF). Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved validation. CVE-2023-27932 Versions affected: WebKitGTK and WPE WebKit before 2.38.6 and 2.40 branch before 2.40.1. Credit to an anonymous researcher. Impact: Processing maliciously crafted web content may bypass Same Origin Policy. Description: This issue was addressed with improved state management. CVE-2023-27954 Versions affected: WebKitGTK and WPE WebKit before 2.38.6 and 2.40 branch before 2.40.1. Credit to an anonymous researcher. Impact: A website may be able to track sensitive user information. Description: The issue was addressed by removing origin information. CVE-2023-28205 Versions affected: WebKitGTK and WPE WebKit before 2.38.6 and 2.40 branch before 2.40.1. Credit to Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management." Please stabilize 2.40.1.
Thanks! Please clean up.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d24459ed817d36cb6b0a3c3e487ae392a0237826

commit d24459ed817d36cb6b0a3c3e487ae392a0237826
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2023-05-18 14:40:12 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2023-05-18 14:40:37 +0000

net-libs/webkit-gtk: Drop SLOT=5

Has been replaced by SLOT=6.

Bug: https://bugs.gentoo.org/905351
Signed-off-by: Matt Turner <mattst88@gentoo.org>

net-libs/webkit-gtk/Manifest | 1 -
net-libs/webkit-gtk/files/2.38.3-gcc-13.patch | 25 --
net-libs/webkit-gtk/files/2.38.5-gcc-13.patch | 30 ---
net-libs/webkit-gtk/webkit-gtk-2.38.5-r500.ebuild | 265 ----------------------
4 files changed, 321 deletions(-)
Other vulnerable versions dropped in

commit f2e39b35f2bc73494ab8e38c67240a45a868e27f
Author: Matt Turner <mattst88@gentoo.org>
Date: Wed May 17 17:14:14 2023 -0400

net-libs/webkit-gtk: Drop old versions

Signed-off-by: Matt Turner <mattst88@gentoo.org>

net-libs/webkit-gtk/Manifest | 1 -
net-libs/webkit-gtk/webkit-gtk-2.38.5-r410.ebuild | 271 ----------------------
net-libs/webkit-gtk/webkit-gtk-2.38.5.ebuild | 261 ---------------------
net-libs/webkit-gtk/webkit-gtk-2.40.0-r410.ebuild | 257 --------------------
net-libs/webkit-gtk/webkit-gtk-2.40.0-r600.ebuild | 250 --------------------
net-libs/webkit-gtk/webkit-gtk-2.40.0.ebuild | 247 --------------------
6 files changed, 1287 deletions(-)
GLSA request filed.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a8dea8203b3b4b4cca0bdebe02a9a8ea505ae935

commit a8dea8203b3b4b4cca0bdebe02a9a8ea505ae935
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-30 03:01:57 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-30 03:05:03 +0000

[ GLSA 202305-32 ] WebKitGTK+: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/871732
Bug: https://bugs.gentoo.org/879571
Bug: https://bugs.gentoo.org/888563
Bug: https://bugs.gentoo.org/905346
Bug: https://bugs.gentoo.org/905349
Bug: https://bugs.gentoo.org/905351
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202305-32.xml | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
GLSA released, all done!
CVE-2023-32435 (https://support.apple.com/en-us/HT213670):

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

According to WSA-2023-0005 (https://webkitgtk.org/security/WSA-2023-0005.html):

"CVE-2023-32435
Versions affected: WebKitGTK and WPE WebKit before 2.40.0.
Credit to Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky.
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved state management."