CVE-2023-37450
Versions affected: WebKitGTK and WPE WebKit before 2.40.4.
Credit to an anonymous researcher.
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: The issue was addressed with improved checks.

CVE-2023-32393
Versions affected: WebKitGTK and WPE WebKit before 2.40.0.
Credit to Francisco Alonso (@revskills).
Impact: Processing web content may lead to arbitrary code execution.
Description: The issue was addressed with improved memory handling.

Please bump to 2.40.4.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6976a21b771d32f814890ddfd376c21afd2edb2f

commit 6976a21b771d32f814890ddfd376c21afd2edb2f
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2023-08-16 04:16:53 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2023-08-16 04:17:10 +0000

    net-libs/webkit-gtk: Drop old versions

    Bug: https://bugs.gentoo.org/910656
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest | 1 -
 net-libs/webkit-gtk/webkit-gtk-2.40.3-r410.ebuild | 258 ----------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.3-r600.ebuild | 251 ---------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.3.ebuild | 248 ---------------------
 4 files changed, 758 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a3a0841120687c62c97e02dfd392564da420eec4

commit a3a0841120687c62c97e02dfd392564da420eec4
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-05 13:00:45 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-05 13:01:13 +0000

    [ GLSA 202401-04 ] WebKitGTK+: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/907818
    Bug: https://bugs.gentoo.org/909663
    Bug: https://bugs.gentoo.org/910656
    Bug: https://bugs.gentoo.org/918087
    Bug: https://bugs.gentoo.org/918099
    Bug: https://bugs.gentoo.org/919290
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-04.xml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)