author | Alberto Garcia <berto@igalia.com> | 2023-12-18 12:38:42 +0100 |
---|---|---|
committer | Alberto Garcia <berto@igalia.com> | 2023-12-18 12:38:42 +0100 |
commit | 4cf9ac89ab8083805495c1e9e2e65918fb5e08f9 (patch) | |
tree | fe9b913514ac6d2659a5124d6941974232e81f13 | |
parent | edc4b4ae3b18500b0372a6087e09015dddb4c47d (diff) |
webkit2gtk / wpewebkit upstream advisory WSA-2023-0012
-rw-r--r-- | data/CVE/list | 14 |
-rw-r--r-- | data/DSA/list | 2 |
-rw-r--r-- | data/dsa-needed.txt | 2 |
3 files changed, 15 insertions, 3 deletions
diff --git a/data/CVE/list b/data/CVE/list index 1def025230..a400d85163 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1703,13 +1703,23 @@ CVE-2023-42894 (This issue was addressed with improved redaction of sensitive in CVE-2023-42891 (An authentication issue was addressed with improved state management. ...) NOT-FOR-US: Apple CVE-2023-42890 (The issue was addressed with improved memory handling. This issue is f ...) - NOT-FOR-US: Apple + - webkit2gtk 2.42.0-1 + [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) + - wpewebkit 2.42.0-1 + [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0012.html CVE-2023-42886 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2023-42884 (This issue was addressed with improved redaction of sensitive informat ...) NOT-FOR-US: Apple CVE-2023-42883 (The issue was addressed with improved memory handling. This issue is f ...) - NOT-FOR-US: Apple + - webkit2gtk 2.42.4-1 + [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) + - wpewebkit 2.42.4-1 + [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0012.html CVE-2023-42882 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2023-42874 (This issue was addressed with improved state management. This issue is ...) diff --git a/data/DSA/list b/data/DSA/list index 41fe345233..374274acfd 100644 --- a/data/DSA/list +++ b/data/DSA/list 
@@ -199,7 +199,7 @@ [12 Oct 2023] DSA-5522-2 tomcat9 - regression update [bullseye] - tomcat9 9.0.43-2~deb11u8 [12 Oct 2023] DSA-5527-1 webkit2gtk - security update - {CVE-2023-32359 CVE-2023-39928 CVE-2023-41074 CVE-2023-41993} + {CVE-2023-32359 CVE-2023-39928 CVE-2023-41074 CVE-2023-41993 CVE-2023-42890} [bullseye] - webkit2gtk 2.42.1-1~deb11u1 [bookworm] - webkit2gtk 2.42.1-1~deb12u1 [12 Oct 2023] DSA-5526-1 chromium - security update diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt index 1e4a0d89d6..05618bf059 100644 --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -93,6 +93,8 @@ squid -- varnish -- +webkit2gtk (berto) +-- zbar unfixed upstream, initial aproaches are overly strict and cause zbar's tests to fail, some caution is in order -- |
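Review bot: in the data/CVE/list hunk, the two rewritten entries are identical apart from the fixed version (2.42.0-1 for CVE-2023-42890, 2.42.4-1 for CVE-2023-42883), so a copy-paste slip in either version would be easy to miss; check each one against the per-CVE fixed versions in the WSA-2023-0012 advisory linked from the NOTE lines. Neither entry has a bullseye or bookworm line for webkit2gtk, which for CVE-2023-42883 matches the new data/dsa-needed.txt entry.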
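Review bot: in the data/DSA/list hunk, CVE-2023-42890 is added to the CVE set of DSA-5527-1, dated 12 Oct 2023, but the commit message only names the advisory; a line saying that this CVE is attributed retroactively to an existing DSA would make the change easier to find later. The attribution itself is consistent with the data/CVE/list hunk: the DSA shipped 2.42.1-1~deb11u1 and 2.42.1-1~deb12u1, both later than the 2.42.0-1 recorded there as the fixed version.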
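Review bot: in the data/dsa-needed.txt hunk, the new "webkit2gtk (berto)" entry has no note saying what is pending, unlike the zbar entry that follows it; a short line naming the open issue (presumably CVE-2023-42883, fixed in 2.42.4-1 per the data/CVE/list hunk, which is newer than the 2.42.1 builds listed for DSA-5527-1) would tell other team members which update is being prepared. No wpewebkit entry is added, which matches the <ignored> tags for bookworm and bullseye in data/CVE/list.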