Old open CVEs in webkit2gtk

To: debian-security-tracker@lists.debian.org
Subject: Old open CVEs in webkit2gtk
From: Alberto Garcia <berto@igalia.com>
Date: Wed, 4 Sep 2019 09:44:51 +0200
Message-id: <[🔎] 20190904074451.GA25976@igalia.com>
Mail-followup-to: debian-security-tracker@lists.debian.org

I was having a look at the list of CVEs for webkit2gtk:

https://security-tracker.debian.org/tracker/source-package/webkit2gtk

Two of them (CVE-2019-8375 and CVE-2017-17821) are listed as still
open in buster / bullseye / sid, however

1) CVE-2019-8375 was fixed in webkit2gtk 2.23.90:

   https://github.com/Igalia/webkit/commit/15091e3aa288df50ade0d78b5f444ec0d1814573

2) CVE-2017-17821 was fixed in webkit2gtk 2.21.3:

   https://github.com/Igalia/webkit/commit/2a17b15297eb886b0bfb7d098ef607cfad6c3da0

Berto

Reply to:

Follow-Ups:
- Re: Old open CVEs in webkit2gtk
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: External check
Next by Date: External check
Previous by thread: External check
Next by thread: Re: Old open CVEs in webkit2gtk
Index(es):
- Date
- Thread