CVE-2023-32359 (https://wpewebkit.org/security/WSA-2023-0010.html#CVE-2023-32359): This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver. CVE-2023-41983 (https://wpewebkit.org/security/WSA-2023-0010.html#CVE-2023-41983): The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service. CVE-2023-42852 (https://wpewebkit.org/security/WSA-2023-0010.html#CVE-2023-42852): A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba49d7c8bf7ef3433a36fbe3e23ff871c2bbcd77 commit ba49d7c8bf7ef3433a36fbe3e23ff871c2bbcd77 Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2023-12-24 15:07:00 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2023-12-24 15:54:27 +0000 net-libs/webkit-gtk: security cleanup Bug: https://bugs.gentoo.org/918667 Bug: https://bugs.gentoo.org/919290 Signed-off-by: Mart Raudsepp <leio@gentoo.org> net-libs/webkit-gtk/Manifest | 3 - ...ailure-when-gstreamer-support-is-disabled.patch | 33 --- net-libs/webkit-gtk/webkit-gtk-2.40.5-r410.ebuild | 264 --------------------- net-libs/webkit-gtk/webkit-gtk-2.40.5-r600.ebuild | 257 -------------------- net-libs/webkit-gtk/webkit-gtk-2.40.5.ebuild | 254 -------------------- net-libs/webkit-gtk/webkit-gtk-2.42.1-r410.ebuild | 262 -------------------- net-libs/webkit-gtk/webkit-gtk-2.42.1-r600.ebuild | 255 -------------------- net-libs/webkit-gtk/webkit-gtk-2.42.1.ebuild | 252 -------------------- net-libs/webkit-gtk/webkit-gtk-2.42.2-r410.ebuild | 262 -------------------- net-libs/webkit-gtk/webkit-gtk-2.42.2-r600.ebuild | 255 -------------------- net-libs/webkit-gtk/webkit-gtk-2.42.2.ebuild | 252 -------------------- 11 files changed, 2349 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=4a07754d6de45c14716438f4a3e32fda6124b30f commit 4a07754d6de45c14716438f4a3e32fda6124b30f Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-01-31 14:29:39 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-01-31 14:30:12 +0000 [ GLSA 202401-33 ] WebKitGTK+: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/915222 Bug: https://bugs.gentoo.org/918667 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202401-33.xml | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+)
