Re: Old open CVEs in webkit2gtk

To: debian-security-tracker@lists.debian.org
Subject: Re: Old open CVEs in webkit2gtk
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 7 Sep 2019 21:33:20 +0200
Message-id: <[🔎] 20190907193320.GA23348@eldamar.local>
Mail-followup-to: debian-security-tracker@lists.debian.org
In-reply-to: <[🔎] 20190904074451.GA25976@igalia.com>
References: <[🔎] 20190904074451.GA25976@igalia.com>

Hi Alberto,

On Wed, Sep 04, 2019 at 09:44:51AM +0200, Alberto Garcia wrote:
> I was having a look at the list of CVEs for webkit2gtk:
> 
> https://security-tracker.debian.org/tracker/source-package/webkit2gtk
> 
> Two of them (CVE-2019-8375 and CVE-2017-17821) are listed as still
> open in buster / bullseye / sid, however
> 
> 1) CVE-2019-8375 was fixed in webkit2gtk 2.23.90:
> 
>    https://github.com/Igalia/webkit/commit/15091e3aa288df50ade0d78b5f444ec0d1814573
> 
> 2) CVE-2017-17821 was fixed in webkit2gtk 2.21.3:
> 
>    https://github.com/Igalia/webkit/commit/2a17b15297eb886b0bfb7d098ef607cfad6c3da0

Thanks. Could you as well triage the recent CVEs which are fixed in
DSA-4515-1 for unstable? Which is the first unstable version having
the fix?

Regards,
Salvatore

Reply to:

Follow-Ups:
- Re: Old open CVEs in webkit2gtk
  - From: Alberto Garcia <berto@igalia.com>

References:
- Old open CVEs in webkit2gtk
  - From: Alberto Garcia <berto@igalia.com>

Prev by Date: External check
Next by Date: Re: Old open CVEs in webkit2gtk
Previous by thread: Old open CVEs in webkit2gtk
Next by thread: Re: Old open CVEs in webkit2gtk
Index(es):
- Date
- Thread