[SECURITY] [DLA 3183-1] webkit2gtk security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3183-1] webkit2gtk security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Wed, 9 Nov 2022 09:19:00 +0100 (CET)
Message-id: <[🔎] 20221109081900.79F652A15A9@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3183-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
November 09, 2022                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : webkit2gtk
Version        : 2.38.2-1~deb10u1
CVE ID         : CVE-2022-42799 CVE-2022-42823 CVE-2022-42824

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2022-42799

    Jihwan Kim and Dohyun Lee discovered that visiting a malicious
    website may lead to user interface spoofing.

CVE-2022-42823

    Dohyun Lee discovered that processing maliciously crafted web
    content may lead to arbitrary code execution.

CVE-2022-42824

    Abdulrahman Alqabandi, Ryan Shin and Dohyun Lee discovered that
    processing maliciously crafted web content may disclose sensitive
    user information.

For Debian 10 buster, these problems have been fixed in version
2.38.2-1~deb10u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmNrYnIACgkQnUbEiOQ2
gwLj3A/9E66Zfw9IOyJLtEJpaSoRXxQDEOybRt8B/7Aj73jP3WvsWrvwE/wY8487
R03nBubqfaQM8ALQC3mnFOF4/iNyppcOPkvTQ7ZbNbkNQOTIvs6S6t3eKlL3V9Xu
p5K+U5u5/7J/z/YBmozGvoSTg/l8E5N8V4XVEHjylYYQE716vH5ow8RyTKJcsBf8
YXbrHIYK3cGUSjWjn8gTN8/29DIutkesTWVzRFtViBHIuLjw2XqswQQqDKR+9bCU
zn1FNbZ/VoJ1nE0/VLHw+1/w25aaQY3eCEr90+APDOsJIsOljlwOAE3RqpCACym6
hAtnTB9M6SafrxVvwhGg2v2RRCyh+DLp9l1KojSUWRJpglq0ZimV+p2v2W5JpNnV
phZVKDinq1OhFZe5UWy3fk43vCiZhWuzZ6LVZTHqoRvcS17lRDAJxY9qJKeH2L00
jZjHqxyue7/ov6T+9P2PeHYxZf2ea+PAex5iwAr6adlP5ZITSG+EHn4JUUjKtvEu
V0CL2qdDP3TXMOBaZuNrm+5rLxAmTXh8FkFkPxlyLR8WKeu9j0X73d6ODVcjZhhB
BOEchVExA7F8wB4K6U74RRbDzvirhvZV0xqmKzs3apnGGez5YTsGRXG2GRGVfaFU
JzE72tdLL3oz+ZgpxICNR2/vf3t7hVSzpf3TK0AkNeS7nx3ltgs=
=HXnx
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3182-1] vim security update
Next by Date: [SECURITY] [DLA 3184-1] libjettison-java security update
Previous by thread: [SECURITY] [DLA 3182-1] vim security update
Next by thread: [SECURITY] [DLA 3184-1] libjettison-java security update
Index(es):
- Date
- Thread