Re: Old open CVEs in webkit2gtk
Hi Alberto,
On Wed, Sep 04, 2019 at 09:44:51AM +0200, Alberto Garcia wrote:
> I was having a look at the list of CVEs for webkit2gtk:
>
> https://security-tracker.debian.org/tracker/source-package/webkit2gtk
>
> Two of them (CVE-2019-8375 and CVE-2017-17821) are listed as still
> open in buster / bullseye / sid, however
>
> 1) CVE-2019-8375 was fixed in webkit2gtk 2.23.90:
>
> https://github.com/Igalia/webkit/commit/15091e3aa288df50ade0d78b5f444ec0d1814573
>
> 2) CVE-2017-17821 was fixed in webkit2gtk 2.21.3:
>
> https://github.com/Igalia/webkit/commit/2a17b15297eb886b0bfb7d098ef607cfad6c3da0
Thanks. Could you as well triage the recent CVEs which are fixed in
DSA-4515-1 for unstable? Which is the first unstable version having
the fix?
Regards,
Salvatore
Reply to: