[SECURITY] [DSA 5241-1] wpewebkit security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5241-1] wpewebkit security update
From: Alberto Garcia <berto@debian.org>
Date: Wed, 28 Sep 2022 09:35:24 +0000
Message-id: <[🔎] YzQVXBoBtVKEI3O8@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5241-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
September 28, 2022                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : wpewebkit
CVE ID         : CVE-2022-32886

The following vulnerabilities have been discovered in the WPE WebKit
web engine:

CVE-2022-32886

    P1umer, afang5472 and xmzyshypnc discovered that processing
    maliciously crafted web content may lead to arbitrary code
    execution

For the stable distribution (bullseye), this problem has been fixed in
version 2.38.0-1~deb11u1.

We recommend that you upgrade your wpewebkit packages.

For the detailed security status of wpewebkit please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpewebkit

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmM0ErUACgkQAAyEYu0C
2AK/TA/9FNEyzGshSoog6XBZ7bQR3ATaCA1V2vUDSkv1kaq9V7nPtBLW16Kwcgxe
AjFzS7BfdW8vN4tnEAx65RS6q60jlADTgXUihiDFRdeuteNXYuMUOp61EU71SKDb
LmSdwfU8ule3s1UMtbSG9n7W0NvkuuB+RdZX580r7F/CFpwELQiTeGbOodVfpKfl
pU9zSAiEa+hoOeFX7wQewnL60goSPfjhjGZqPR2w0cKOk+zYPYBrAYvxGN+HFpeo
7yx8y0x7RsL/UNLkObs+VWPrPb4LNN4vQck3CYAW1lY0aI2+bQ7Roo4Ax4NvPqMT
tNs+72vq/j6d9fYlyVpNJcnwKUxpygqMnRxLW0C16zfqUm7/SvT1MuF9HK0O+7yM
8xGjEsVXMGPeYEGyE+tnujlHeem+YWpi3ODMCizY4bohVPJyLypc+DwABo98yP9v
MrtRr94RjfMJV/Khjj0nxxpTmIMjbXBC4uA+zwFtmjZo0vOiU3NfHIbcIZpQu4RC
p7olYPSltWkRFnfXPRf97BLCCPolRnTmiQGq7zeqFsxSXaLTBKGqOOiuxkyRObeU
W+ybs+X5MDAmRUM93JArarjrnJVE2XvRhXIRkGPIN918lysFwbfr5HwBMCsvaS10
5z+BCqx+A1fCgIja02N2aEr3FaOCDy8I/WqoI/7FwDz/z2y8JxU=
=gReZ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5240-1] webkit2gtk security update
Next by Date: [SECURITY] [DSA 5242-1] maven-shared-utils security update
Previous by thread: [SECURITY] [DSA 5240-1] webkit2gtk security update
Next by thread: [SECURITY] [DSA 5242-1] maven-shared-utils security update
Index(es):
- Date
- Thread