Path: ...!news.mixmin.net!aioe.org!bofh.it!news.nic.it!robomod From: Alberto Garcia Newsgroups: linux.debian.announce.security Subject: [SECURITY] [DSA 5219-1] webkit2gtk security update Date: Sat, 27 Aug 2022 17:00:01 +0200 Message-ID: X-Original-To: debian-security-announce@lists.debian.org X-Mailbox-Line: From debian-security-announce-request@lists.debian.org Sat Aug 27 14:50:03 2022 Old-Return-Path: X-Amavis-Spam-Status: No, score=-116.201 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DIGITS_LETTERS=1, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FVGT_m_MULTI_ODD=0.02, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_HI=-5, T_SCC_BODY_TEXT_LINE=-0.01, USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100] autolearn=ham autolearn_force=no Old-Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=DQ16Ed+Zsg5tC2sxe8Qt1RAOVmxjGCljOgOk58Zt5z8=; b=Rb RfNmu1mUX7/JKaMf7PEx97iimjgeCWha+vD8EiFwhgzaKzISBgc0PvhsR/wVZtSJ1eiunJJbcPSop Ku32VlOmphP+cb4FxRTRtQAr5RePyWOv4aS0rT5uVTLQdugKx/bJ2SVTGao+y+mi1Yn+sfEqR0cka WMvmAuCeFO98Qaho4SLXzmsnvIN7Bsq7BBTvsIMgVBtX4suytUePfKjzCIOTmd2eHtdK+V1prNgps aPPLmRZk7AmmD+l92JmJZhGwBUeJoC0bTPGSGOjAVSNE26e0x/q8JY5EotX+Gyg8ahe9k/6slNnKo 170x58ktRa6/RaYfNQZV/SXF8iN7P7WQ==; MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) X-Debian: PGP check passed for security officers Priority: urgent Reply-To: debian-security-announce-request@lists.debian.org X-Mailing-List: archive/latest/4117 List-ID: List-URL: List-Archive: https://lists.debian.org/msgid-search/20220827144940.GA15846@seger.debian.org Approved: robomod@news.nic.it Lines: 52 Organization: linux.* mail to news gateway Sender: robomod@news.nic.it X-Original-Date: Sat, 27 Aug 2022 14:49:40 +0000 X-Original-Message-ID: <20220827144940.GA15846@seger.debian.org> Bytes: 4632 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5219-1 security@debian.org https://www.debian.org/security/ Alberto Garcia August 27, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : webkit2gtk CVE ID : CVE-2022-32893 The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-32893 An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. For the stable distribution (bullseye), this problem has been fixed in version 2.36.7-1~deb11u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmMKLR4ACgkQAAyEYu0C 2AJDOA//V22fNdY0/G6glW0m9WDDKK+wqQHTI0kZehD7IuG8Y6wjeKff1ZvaGeW/ kOrAeg/jhxT1Q9gFOCfWmEimfEfnYUCORt/FTNVPG1inpPgkXOevnUbCpLZBQTJC cjAc3+t7gXLo03fzAcDmPosQYyKyyxUDK6YKG/BQ9ZDHvS/vaE3zKzZOsFYgz6bg bbPgu+O9PzrHmRO1iA5eLYbGBtc7CbRp3qWdxytDghnXBl3guG1HRFhoj0Gbk0lb d0b9GABh3wpjCe44ny1/nvHO9xO538PcF0ZB36NRa9mHCIzqp2BxH4nf3jIiFjua mKXGI48FIV/wL776l3B6DHNOY1hnuxe8C9p4ipBtxoLk50ffCuTBQwGlt9MLZ2zq 2GJcX8/iqIE3RlsXbVtZpqC01oCVnsYCujdKb6D9CEhE96V3S5qOh3aBQExM2UtQ /c8JXwfo3J4lu42coF2oGbuMc0Sad35nvrIEocC50a2n3nsB4b3HSWwkDtn7OjxJ k9HhRPETGK5sarE+JrlL/aslLq45LhBv0yHaMuE6jtYJ9o5t3GHzZvnzQYJ9rksk 2+Sv7iLBm9PbxUnIuzgTtgk+ghFy4q/KXJbayZ8ruqv1IQsp1wXq76kS3ywYk8Eg AM8u3YbQiUmWPKuwz9Xe8TYYaAefs2jh/OMTe4W4+EAVu/EZfPc= =aPej -----END PGP SIGNATURE-----