The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-9802 Samuel Gross discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9803 Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9805 An anonymous researcher discovered that processing maliciously crafted web content may lead to universal cross site scripting. CVE-2020-9806 Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9807 Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2020-9843 Ryan Pickren discovered that processing maliciously crafted web content may lead to a cross site scripting attack. CVE-2020-9850 @jinmo123, @setuid0x0_, and @insu_yun_en discovered that a remote attacker may be able to cause arbitrary code execution. CVE-2020-13753 Milan Crha discovered that an attacker may be able to execute commands outside the bubblewrap sandbox. For the stable distribution (buster), these problems have been fixed in version 2.28.3-2~deb10u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk
The following vulnerabilities have been discovered in the webkit2gtk web engine:
Samuel Gross discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution.
An anonymous researcher discovered that processing maliciously crafted web content may lead to universal cross site scripting.
Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Wen Xu discovered that processing maliciously crafted web content may lead to arbitrary code execution.
Ryan Pickren discovered that processing maliciously crafted web content may lead to a cross site scripting attack.
@jinmo123, @setuid0x0_, and @insu_yun_en discovered that a remote attacker may be able to cause arbitrary code execution.
Milan Crha discovered that an attacker may be able to execute commands outside the bubblewrap sandbox.
For the stable distribution (buster), these problems have been fixed in version 2.28.3-2~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk
Vulmon