The following vulnerability has been discovered in the webkit2gtk web engine: CVE-2020-3885 Ryan Pickren discovered that a file URL may be incorrectly processed. CVE-2020-3894 Sergei Glazunov discovered that a race condition may allow an application to read restricted memory. CVE-2020-3895 grigoritchy discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-3897 Brendan Draper discovered that a remote attacker may be able to cause arbitrary code execution. CVE-2020-3899 OSS-Fuzz discovered that a remote attacker may be able to cause arbitrary code execution. CVE-2020-3900 Dongzhuo Zhao discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-3901 Benjamin Randazzo discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-3902 Yigit Can Yilmaz discovered that processing maliciously crafted web content may lead to a cross site scripting attack. For the stable distribution (buster), these problems have been fixed in version 2.28.2-2~deb10u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk
The following vulnerability has been discovered in the webkit2gtk web engine:
Ryan Pickren discovered that a file URL may be incorrectly processed.
Sergei Glazunov discovered that a race condition may allow an application to read restricted memory.
grigoritchy discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Brendan Draper discovered that a remote attacker may be able to cause arbitrary code execution.
OSS-Fuzz discovered that a remote attacker may be able to cause arbitrary code execution.
Dongzhuo Zhao discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Benjamin Randazzo discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Yigit Can Yilmaz discovered that processing maliciously crafted web content may lead to a cross site scripting attack.
For the stable distribution (buster), these problems have been fixed in version 2.28.2-2~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk