Old open CVEs in webkit2gtk
I was having a look at the list of CVEs for webkit2gtk:
https://security-tracker.debian.org/tracker/source-package/webkit2gtk
Two of them (CVE-2019-8375 and CVE-2017-17821) are listed as still
open in buster / bullseye / sid, however
1) CVE-2019-8375 was fixed in webkit2gtk 2.23.90:
https://github.com/Igalia/webkit/commit/15091e3aa288df50ade0d78b5f444ec0d1814573
2) CVE-2017-17821 was fixed in webkit2gtk 2.21.3:
https://github.com/Igalia/webkit/commit/2a17b15297eb886b0bfb7d098ef607cfad6c3da0
Berto
Reply to: