[SECURITY] [DSA 5351-1] webkit2gtk security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5351-1] webkit2gtk security update
From: Alberto Garcia <berto@debian.org>
Date: Thu, 16 Feb 2023 23:21:08 +0000
Message-id: <[🔎] Y+66ZJb8UcUenvN8@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5351-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
February 17, 2023                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2023-23529

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2023-23529

    An anonymous researcher discovered that processing maliciously
    crafted web content may lead to arbitrary code execution. Apple is
    aware of a report that this issue may have been actively
    exploited.

For the stable distribution (bullseye), this problem has been fixed in
version 2.38.5-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmPut+cACgkQAAyEYu0C
2AJaFhAAkyJJj40wLK3T0Zleue2oSvGe5fujMsGtiiUXCn8L6x4nGnk0tPDsIPsD
jssAEH6sSFrQkpuDV/MUYK6EXsRG8js4HFql8M9A0xdGihT35mih7YSrhd2cMmBU
VJS8DMuVefOhukGdgubydfUhCpN4v9YmlmNo+bURl6GRtNBJfm9bWvtx9i1CANMQ
rhbMIXuzrbx7j8PAfbTA8YclFpiLhsq+aEjb7UeOr6ZPeNfMcIisZrJI2cfpcDFH
JpA6yECLXnuOqMWn4xUN+f8kmUwDLlSpnZ6qA9+jeOC5O2ljKB2k75D/C2547o8Z
km5ihSNafLDsVXsy3DSU0XZiLxLpAEmR3TqsC30k196frajVt1cQKWdvI9yUj+oZ
YePgbmXlz+Ua1pgoaD8IuJiAwvQw7ZYen6xVKSX1Gu2+5NWTB5cw3sOcTLeCTSzh
IZlS8Gdf0dbyN9nWF2jKv9LeGKfGHs6WzEcx9FZDLjZ0B96uYcbVLNopp9SVYgTX
sqYwDTAqjbLTegGbLxGkXXqqvKsPiAEDHdhdBOHmefQjLvThMvwxciRAx0P76Rsa
s3kxIlsOgdnlZ/ecA1vS0Xa+xK4r19eGveJU2dfQ80DdqeeNTNNhkfUjwzPaYlEX
b2Irr6UDv2JYmzIZ5qtJgCOA7yX1lbIOTj5/S11K0gIdp4HTyao=
=URao
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5350-1] firefox-esr security update
Next by Date: [SECURITY] [DSA 5352-1] wpewebkit security update
Previous by thread: [SECURITY] [DSA 5350-1] firefox-esr security update
Next by thread: [SECURITY] [DSA 5352-1] wpewebkit security update
Index(es):
- Date
- Thread