[SECURITY] [DSA 6074-1] webkit2gtk security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6074-1] webkit2gtk security update
From: Alberto Garcia <berto@debian.org>
Date: Tue, 9 Dec 2025 17:17:32 +0000
Message-id: <[🔎] aThZrPlJy1DfM6oZ@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6074-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
December 09, 2025                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2025-13947 CVE-2025-43421 CVE-2025-43458 CVE-2025-66287

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2025-13947

    Janet Black discovered that a website may be able to exfiltrate
    sensitive system information.

CVE-2025-43421

    Nan Wang discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2025-43458

    Phil Beauvoir discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2025-66287

    Stanislav Fort discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

For the oldstable distribution (bookworm), these problems have been fixed
in version 2.50.3-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 2.50.3-1~deb13u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmk4VRYACgkQAAyEYu0C
2AL3pw//QQaTk5+1QpJuSozP2yuhZpaI1dVRzk+ohnOXNy9+Gjiyg1mYcLk7sNka
aJc524BENCDJgqatUUAlX0fO8APMsLBtlsgSgLwMg8ooLMijG33ERgw8JyASWWgS
oJAEpLXWXw0K9dF4NFETToVUMi8c5+0fJADfO7Bn6DYXRcO/0w2IrpgnmBPuelmS
auw+i18NuPpWsdkyLpDmlyRuJ+IKGKKbvteqqp1MsyUwKwT8pZN6iSgm2tFwBvka
EpJocX/Y+r8q1ptViAUo0HNFeriKnrO5zTCbOGuxI6T8ZeGylxalrUj7b11GYqw3
oUyXGcqmf5FSlc1ZNWwQTPqXWutLsbxwbI6L4oRMQiBM+xskO405gMZABZR4uXm6
CoIxnwW75uPB9a/ygiRoQCU9/4tcldsurpEkrkToThl/q4UsBEZa8yHcypkoFbP0
QdsfDQV/ZQzH5M9dd2rHUS+3jXyr6UjVIjODNexMXS3LVHnJ31BeiYpPGIwARbh6
I6kX8Ns5Z13Wkaix+FCd4UmKxJBQ1yWn536mJri2UMpLXrFIMK5gmburRZytnwhY
zC4WU8l1590qMH4LfanpzccGT2cQ8HL2x3Km4WHCOrkLYlDRnwp8ypyH3AacohYv
swEeiv+ScYYCIMHvpP/4EkFZuNmq+JSpkfLo+Iu2k2r0ZU9QVy0=
=E6jG
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6073-1] ffmpeg security update
Next by Date: [SECURITY] [DSA 6075-1] wordpress security update
Previous by thread: [SECURITY] [DSA 6073-1] ffmpeg security update
Next by thread: [SECURITY] [DSA 6075-1] wordpress security update
Index(es):
- Date
- Thread