Deutsch   English   Fran├žais   Italiano  
<EZ5rX-3rzp-5@gated-at.bofh.it>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!news.mixmin.net!aioe.org!bofh.it!news.nic.it!robomod
From: Alberto Garcia <berto@debian.org>
Newsgroups: linux.debian.announce.security
Subject: [SECURITY] [DSA 5219-1] webkit2gtk security update
Date: Sat, 27 Aug 2022 17:00:01 +0200
Message-ID: <EZ5rX-3rzp-5@gated-at.bofh.it>
X-Original-To: debian-security-announce@lists.debian.org
X-Mailbox-Line: From debian-security-announce-request@lists.debian.org  Sat Aug 27 14:50:03 2022
Old-Return-Path: <berto@debian.org>
X-Amavis-Spam-Status: No, score=-116.201 tagged_above=-10000 required=5.3
	tests=[BAYES_00=-2, DIGITS_LETTERS=1, DKIMWL_WL_HIGH=-0.001,
	DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	DKIM_VALID_EF=-0.1, FVGT_m_MULTI_ODD=0.02, LDO_WHITELIST=-5,
	PGPSIGNATURE=-5, RCVD_IN_DNSWL_HI=-5, T_SCC_BODY_TEXT_LINE=-0.01,
	USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100]
	autolearn=ham autolearn_force=no
Old-Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org;
	 s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:
	Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
	In-Reply-To:References; bh=DQ16Ed+Zsg5tC2sxe8Qt1RAOVmxjGCljOgOk58Zt5z8=; b=Rb
	RfNmu1mUX7/JKaMf7PEx97iimjgeCWha+vD8EiFwhgzaKzISBgc0PvhsR/wVZtSJ1eiunJJbcPSop
	Ku32VlOmphP+cb4FxRTRtQAr5RePyWOv4aS0rT5uVTLQdugKx/bJ2SVTGao+y+mi1Yn+sfEqR0cka
	WMvmAuCeFO98Qaho4SLXzmsnvIN7Bsq7BBTvsIMgVBtX4suytUePfKjzCIOTmd2eHtdK+V1prNgps
	aPPLmRZk7AmmD+l92JmJZhGwBUeJoC0bTPGSGOjAVSNE26e0x/q8JY5EotX+Gyg8ahe9k/6slNnKo
	170x58ktRa6/RaYfNQZV/SXF8iN7P7WQ==;
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Debian: PGP check passed for security officers
Priority: urgent
Reply-To: debian-security-announce-request@lists.debian.org
X-Mailing-List: <debian-security-announce@lists.debian.org> archive/latest/4117
List-ID: <debian-security-announce.lists.debian.org>
List-URL: <http://lists.debian.org/debian-security-announce/>
List-Archive: https://lists.debian.org/msgid-search/20220827144940.GA15846@seger.debian.org
Approved: robomod@news.nic.it
Lines: 52
Organization: linux.* mail to news gateway
Sender: robomod@news.nic.it
X-Original-Date: Sat, 27 Aug 2022 14:49:40 +0000
X-Original-Message-ID: <20220827144940.GA15846@seger.debian.org>
Bytes: 4632

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5219-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
August 27, 2022                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2022-32893

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2022-32893

    An anonymous researcher discovered that processing maliciously
    crafted web content may lead to arbitrary code execution. Apple is
    aware of a report that this issue may have been actively
    exploited.

For the stable distribution (bullseye), this problem has been fixed in
version 2.36.7-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmMKLR4ACgkQAAyEYu0C
2AJDOA//V22fNdY0/G6glW0m9WDDKK+wqQHTI0kZehD7IuG8Y6wjeKff1ZvaGeW/
kOrAeg/jhxT1Q9gFOCfWmEimfEfnYUCORt/FTNVPG1inpPgkXOevnUbCpLZBQTJC
cjAc3+t7gXLo03fzAcDmPosQYyKyyxUDK6YKG/BQ9ZDHvS/vaE3zKzZOsFYgz6bg
bbPgu+O9PzrHmRO1iA5eLYbGBtc7CbRp3qWdxytDghnXBl3guG1HRFhoj0Gbk0lb
d0b9GABh3wpjCe44ny1/nvHO9xO538PcF0ZB36NRa9mHCIzqp2BxH4nf3jIiFjua
mKXGI48FIV/wL776l3B6DHNOY1hnuxe8C9p4ipBtxoLk50ffCuTBQwGlt9MLZ2zq
2GJcX8/iqIE3RlsXbVtZpqC01oCVnsYCujdKb6D9CEhE96V3S5qOh3aBQExM2UtQ
/c8JXwfo3J4lu42coF2oGbuMc0Sad35nvrIEocC50a2n3nsB4b3HSWwkDtn7OjxJ
k9HhRPETGK5sarE+JrlL/aslLq45LhBv0yHaMuE6jtYJ9o5t3GHzZvnzQYJ9rksk
2+Sv7iLBm9PbxUnIuzgTtgk+ghFy4q/KXJbayZ8ruqv1IQsp1wXq76kS3ywYk8Eg
AM8u3YbQiUmWPKuwz9Xe8TYYaAefs2jh/OMTe4W4+EAVu/EZfPc=
=aPej
-----END PGP SIGNATURE-----