diff options
| author | Alberto Garcia <berto@igalia.com> | 2021-07-27 11:01:42 +0200 |
|---|---|---|
| committer | Alberto Garcia <berto@igalia.com> | 2021-07-27 11:04:58 +0200 |
| commit | 44661813797f6c9405d5b26d98cbb54bd825e173 (patch) | |
| tree | d6c156a0cfbd08170db6c569c9491b3fcd7682de | |
| parent | 6e5e34d35bb84b8d218f5a10eab10ccbaa4e1517 (diff) | |
webkit2gtk upstream advisory WSA-2021-0004
| -rw-r--r-- | data/CVE/list | 88 | ||||
| -rw-r--r-- | data/DSA/list | 10 | ||||
| -rw-r--r-- | data/dsa-needed.txt | 2 |
3 files changed, 91 insertions, 9 deletions
diff --git a/data/CVE/list b/data/CVE/list index 1464b1ed74..aa2293aac6 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -15691,14 +15691,26 @@ CVE-2021-30800 RESERVED CVE-2021-30799 RESERVED + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30798 RESERVED CVE-2021-30797 RESERVED + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30796 RESERVED CVE-2021-30795 RESERVED + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30794 RESERVED CVE-2021-30793 @@ -15765,14 +15777,26 @@ CVE-2021-30763 RESERVED CVE-2021-30762 RESERVED + - webkit2gtk 2.28.0-2 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.28.0-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30761 RESERVED + - webkit2gtk 2.26.1-2 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.26.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30760 RESERVED CVE-2021-30759 RESERVED CVE-2021-30758 RESERVED + - webkit2gtk 2.32.2-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.2-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30757 RESERVED CVE-2021-30756 @@ -15791,6 +15815,10 @@ CVE-2021-30750 RESERVED CVE-2021-30749 RESERVED + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30748 RESERVED CVE-2021-30747 @@ -15801,6 +15829,10 @@ CVE-2021-30745 RESERVED CVE-2021-30744 RESERVED + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30743 RESERVED CVE-2021-30742 @@ -15821,6 +15853,10 @@ CVE-2021-30735 RESERVED CVE-2021-30734 RESERVED + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30733 RESERVED CVE-2021-30732 @@ -15849,6 +15885,10 @@ CVE-2021-30721 RESERVED CVE-2021-30720 RESERVED + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30719 RESERVED CVE-2021-30718 @@ -15911,6 +15951,10 @@ CVE-2021-30690 RESERVED CVE-2021-30689 RESERVED + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30688 RESERVED CVE-2021-30687 @@ -15925,6 +15969,10 @@ CVE-2021-30683 RESERVED CVE-2021-30682 RESERVED + - webkit2gtk 2.32.0-2 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.0-2 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30681 RESERVED CVE-2021-30680 @@ -15957,16 +16005,32 @@ CVE-2021-30667 RESERVED CVE-2021-30666 RESERVED + - webkit2gtk 2.26.1-2 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.26.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30665 RESERVED + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30664 RESERVED CVE-2021-30663 RESERVED + - webkit2gtk 2.32.3-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.32.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30662 RESERVED CVE-2021-30661 RESERVED + - webkit2gtk 2.30.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.0-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-30660 RESERVED CVE-2021-30659 @@ -37389,11 +37453,11 @@ CVE-2021-21781 CVE-2021-21780 RESERVED CVE-2021-21779 (A use-after-free vulnerability exists in the way Webkit’s Graphi ...) - - webkit2gtk <unfixed> + - webkit2gtk 2.32.3-1 [bullseye] - webkit2gtk <postponed> (Fix along with next update round) [buster] - webkit2gtk <postponed> (Fix along with next update round) [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - - wpewebkit <unfixed> + - wpewebkit 2.32.3-1 [bullseye] - wpewebkit <postponed> (Minor issue, fix along with next update) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238 CVE-2021-21778 @@ -37403,11 +37467,11 @@ CVE-2021-21777 (An information disclosure vulnerability exists in the Ethernet/I CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format Buffer S ...) NOT-FOR-US: ImageGear CVE-2021-21775 (A use-after-free vulnerability exists in the way certain events are pr ...) - - webkit2gtk <unfixed> + - webkit2gtk 2.32.3-1 [bullseye] - webkit2gtk <postponed> (Fix along with next update round) [buster] - webkit2gtk <postponed> (Fix along with next update round) [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) - - wpewebkit <unfixed> + - wpewebkit 2.32.3-1 [bullseye] - wpewebkit <postponed> (Minor issue, fix along with next update) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229 CVE-2021-21774 @@ -45845,8 +45909,16 @@ CVE-2021-1827 RESERVED CVE-2021-1826 RESERVED + - webkit2gtk 2.30.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.0-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-1825 RESERVED + - webkit2gtk 2.30.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.0-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-1824 RESERVED CVE-2021-1823 @@ -45857,12 +45929,20 @@ CVE-2021-1821 RESERVED CVE-2021-1820 RESERVED + - webkit2gtk 2.30.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.0-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-1819 RESERVED CVE-2021-1818 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2021-1817 RESERVED + - webkit2gtk 2.30.1-1 + [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) + - wpewebkit 2.30.0-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0004.html CVE-2021-1816 RESERVED CVE-2021-1815 diff --git a/data/DSA/list b/data/DSA/list index b31689613d..670ea64f46 100644 --- a/data/DSA/list +++ b/data/DSA/list @@ -62,7 +62,7 @@ {CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620} [buster] - squid 4.6-1+deb10u6 [30 May 2021] DSA-4923-1 webkit2gtk - security update - {CVE-2021-1788 CVE-2021-1844 CVE-2021-1871} + {CVE-2021-1788 CVE-2021-1844 CVE-2021-1871 CVE-2021-30682} [buster] - webkit2gtk 2.32.1-1~deb10u1 [29 May 2021] DSA-4922-1 hyperkitty - security update {CVE-2021-33038} @@ -199,7 +199,7 @@ {CVE-2021-27291} [buster] - pygments 2.3.1+dfsg-1+deb10u2 [27 Mar 2021] DSA-4877-1 webkit2gtk - security update - {CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1870 CVE-2021-21806} + {CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1870 CVE-2021-21806 CVE-2021-21806} [buster] - webkit2gtk 2.30.6-1~deb10u1 [25 Mar 2021] DSA-4876-1 thunderbird - security update {CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-29950} @@ -450,7 +450,7 @@ {CVE-2020-28984} [buster] - spip 3.2.4-1+deb10u3 [23 Nov 2020] DSA-4797-1 webkit2gtk - security update - {CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13543 CVE-2020-13584} + {CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13543 CVE-2020-13584 CVE-2021-1817 CVE-2021-1820 CVE-2021-1825 CVE-2021-1826 CVE-2021-30661} [buster] - webkit2gtk 2.30.3-1~deb10u1 [21 Nov 2020] DSA-4796-1 thunderbird - security update {CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26968} @@ -824,7 +824,7 @@ {CVE-2020-11651 CVE-2020-11652} [stretch] - salt 2016.11.2+ds-1+deb9u4 [07 May 2020] DSA-4681-1 webkit2gtk - security update - {CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902} + {CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2021-30762} [buster] - webkit2gtk 2.28.2-2~deb10u1 [06 May 2020] DSA-4680-1 tomcat9 - security update {CVE-2019-10072 CVE-2019-12418 CVE-2019-17563 CVE-2019-17569 CVE-2020-1935 CVE-2020-1938} @@ -1266,7 +1266,7 @@ [stretch] - proftpd-dfsg 1.3.5b-4+deb9u2 [buster] - proftpd-dfsg 1.3.6-4+deb10u2 [04 Nov 2019] DSA-4558-1 webkit2gtk - security update - {CVE-2019-8625 CVE-2019-8720 CVE-2019-8769 CVE-2019-8771 CVE-2019-8710 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2019-8783 CVE-2019-8811 CVE-2019-8813 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823} + {CVE-2019-8625 CVE-2019-8720 CVE-2019-8769 CVE-2019-8771 CVE-2019-8710 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2019-8783 CVE-2019-8811 CVE-2019-8813 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2021-30666 CVE-2021-30761} [buster] - webkit2gtk 2.26.1-3~deb10u1 [31 Oct 2019] DSA-4557-1 libarchive - security update {CVE-2019-18408} diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 4d2586947d..5730139261 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -49,3 +49,5 @@ trafficserver (jmm) -- varnish -- +webkit2gtk +-- |