author Alberto Garcia <berto@igalia.com> 2023-12-18 12:38:42 +0100
committer Alberto Garcia <berto@igalia.com> 2023-12-18 12:38:42 +0100
commit 4cf9ac89ab8083805495c1e9e2e65918fb5e08f9 (patch)
tree fe9b913514ac6d2659a5124d6941974232e81f13
parent edc4b4ae3b18500b0372a6087e09015dddb4c47d (diff)
webkit2gtk / wpewebkit upstream advisory WSA-2023-0012
-rw-r--r-- data/CVE/list 14
-rw-r--r-- data/DSA/list 2
-rw-r--r-- data/dsa-needed.txt 2
3 files changed, 15 insertions, 3 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 1def025230..a400d85163 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1703,13 +1703,23 @@ CVE-2023-42894 (This issue was addressed with improved redaction of sensitive in
CVE-2023-42891 (An authentication issue was addressed with improved state management. ...)
NOT-FOR-US: Apple
CVE-2023-42890 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.42.0-1
+ [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+ - wpewebkit 2.42.0-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0012.html
CVE-2023-42886 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
CVE-2023-42884 (This issue was addressed with improved redaction of sensitive informat ...)
NOT-FOR-US: Apple
CVE-2023-42883 (The issue was addressed with improved memory handling. This issue is f ...)
- NOT-FOR-US: Apple
+ - webkit2gtk 2.42.4-1
+ [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
+ - wpewebkit 2.42.4-1
+ [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0012.html
CVE-2023-42882 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2023-42874 (This issue was addressed with improved state management. This issue is ...)
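Review bot: The two new blocks are identical except for the fixed version ("2.42.0-1" under CVE-2023-42890, "2.42.4-1" under CVE-2023-42883), so both values should be re-checked against the WSA-2023-0012 page cited in the NOTE lines, since a copy-paste slip here would not stand out. The 2.42.0-1 value matters most: it is what allows CVE-2023-42890 to be treated as already covered by earlier uploads. It would also help to say in the commit message that these entries move from "NOT-FOR-US: Apple" to tracked packages because of the upstream advisory.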
diff --git a/data/DSA/list b/data/DSA/list
index 41fe345233..374274acfd 100644
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -199,7 +199,7 @@
[12 Oct 2023] DSA-5522-2 tomcat9 - regression update
[bullseye] - tomcat9 9.0.43-2~deb11u8
[12 Oct 2023] DSA-5527-1 webkit2gtk - security update
- {CVE-2023-32359 CVE-2023-39928 CVE-2023-41074 CVE-2023-41993}
+ {CVE-2023-32359 CVE-2023-39928 CVE-2023-41074 CVE-2023-41993 CVE-2023-42890}
[bullseye] - webkit2gtk 2.42.1-1~deb11u1
[bookworm] - webkit2gtk 2.42.1-1~deb12u1
[12 Oct 2023] DSA-5526-1 chromium - security update
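Review bot: On the DSA-5527-1 line, CVE-2023-42890 is appended to an advisory dated 12 Oct 2023, but the commit subject names only WSA-2023-0012; mention the retroactive amendment in the commit message so the history explains why a published advisory's CVE set changed. The addition itself is consistent with the visible data: the listed uploads (2.42.1-1~deb11u1 and 2.42.1-1~deb12u1) are later than the 2.42.0-1 fixed version recorded in data/CVE/list, and leaving CVE-2023-42883 out matches its 2.42.4-1 fixed version.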
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 1e4a0d89d6..05618bf059 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -93,6 +93,8 @@ squid
--
varnish
--
+webkit2gtk (berto)
+--
zbar
unfixed upstream, initial aproaches are overly strict and cause zbar's tests to fail, some caution is in order
--
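Review bot: The new "webkit2gtk (berto)" entry has no note line saying what is pending, unlike the zbar entry right after it; a one-line note naming WSA-2023-0012 or the outstanding CVE would help anyone who picks this up if the claim goes stale. Placement between varnish and zbar keeps the file's alphabetical order.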
