<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 27 Oct 2021 06:07:39 +0200
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Hi,
[dropping most other recipients]
On Tue, Oct 26, 2021 at 08:05:36PM +0100, Carlos Alberto Lopez Perez wrote:
------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006
------------------------------------------------------------------------
Date reported : October 26, 2021
Advisory ID : WSA-2021-0006
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2021-0006.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2021-0006.html
CVE identifiers : CVE-2021-30846, CVE-2021-30848,
CVE-2021-30849, CVE-2021-30851,
CVE-2021-30858, CVE-2021-42762.
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
[...]
CVE-2021-30851
Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
Credit to Samuel Groß of Google Project Zero.
Impact: Processing maliciously crafted web content may lead to code
execution. Description: A memory corruption vulnerability was
addressed with improved locking.
CVE-2021-30851 seems to be REJECTED (cf.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30851). Is
there a typo in the CVE id for this one or did the CVE got rejected
later on? The CVE entry only states "Reason: This candidate was
withdrawn by the CVE program." so might give a light indication
towards that the CVE used has a typo and should be another one?
Can you clarify or have any insights here?
Regards,
Salvatore
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Carlos Alberto Lopez Perez (Oct 26)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Salvatore Bonaccorso (Oct 26)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Francis Perron (Oct 27)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Alberto Garcia (Oct 27)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Samuel Groß (Oct 27)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Salvatore Bonaccorso (Oct 27)
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Salvatore Bonaccorso (Oct 31)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->