Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 910656 (CVE-2023-32393, CVE-2023-37450, WSA-2023-0006) - <net-libs/webkit-gtk-2.40.4: Multiple vulnerabilities
Summary: <net-libs/webkit-gtk-2.40.4: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2023-32393, CVE-2023-37450, WSA-2023-0006
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://webkitgtk.org/security/WSA-20...
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 910698
Blocks:
  Show dependency tree
 
Reported: 2023-07-21 22:46 UTC by Sam James
Modified: 2024-01-05 13:03 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-07-21 22:46:12 UTC 
CVE-2023-37450
        Versions affected: WebKitGTK and WPE WebKit before 2.40.4.
        Credit to an anonymous researcher.
        Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved checks.

    CVE-2023-32393
        Versions affected: WebKitGTK and WPE WebKit before 2.40.0.
        Credit to Francisco Alonso (@revskills).
        Impact: Processing web content may lead to arbitrary code execution. Description: The issue was addressed with improved memory handling.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-07-21 22:46:44 UTC 
Please bump to 2.40.4.
Comment 2 Larry the Git Cow gentoo-dev 2023-08-16 04:17:32 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6976a21b771d32f814890ddfd376c21afd2edb2f

commit 6976a21b771d32f814890ddfd376c21afd2edb2f
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2023-08-16 04:16:53 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2023-08-16 04:17:10 +0000

    net-libs/webkit-gtk: Drop old versions
    
    Bug: https://bugs.gentoo.org/910656
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest                      |   1 -
 net-libs/webkit-gtk/webkit-gtk-2.40.3-r410.ebuild | 258 ----------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.3-r600.ebuild | 251 ---------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.3.ebuild      | 248 ---------------------
 4 files changed, 758 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-01-05 13:01:20 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a3a0841120687c62c97e02dfd392564da420eec4

commit a3a0841120687c62c97e02dfd392564da420eec4
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-05 13:00:45 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-05 13:01:13 +0000

    [ GLSA 202401-04 ] WebKitGTK+: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/907818
    Bug: https://bugs.gentoo.org/909663
    Bug: https://bugs.gentoo.org/910656
    Bug: https://bugs.gentoo.org/918087
    Bug: https://bugs.gentoo.org/918099
    Bug: https://bugs.gentoo.org/919290
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-04.xml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)