• [SECURITY] [DSA 5792-1] webkit2gtk security update

    From Alberto Garcia@21:1/5 to All on Tue Oct 15 00:10:02 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5792-1 security@debian.org https://www.debian.org/security/ Alberto Garcia October 14, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : webkit2gtk
    CVE ID : CVE-2024-40866 CVE-2024-44187

    The following vulnerabilities have been discovered in the WebKitGTK
    web engine:

    CVE-2024-40866

    Hafiizh and YoKo Kho discovered that visiting a malicious website
    may lead to address bar spoofing.

    CVE-2024-44187

    Narendra Bhati discovered that a malicious website may exfiltrate
    data cross-origin.

    For the stable distribution (bookworm), these problems have been fixed in version 2.46.0-2~deb12u1.

    We recommend that you upgrade your webkit2gtk packages.

    For the detailed security status of webkit2gtk please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmcNkVcACgkQAAyEYu0C 2AIS8g/9EKZzBT0VW5VA4kCzLSijtpyKw+kDKgVbsFQmDudoYfr1xF1syfyw1y9r RwdUi5q2puDKenEBk1kg3xRUkVM0HCbzCVt/h6mmx6YaBjKVAl95syXiWyDnXoOI 7e4WnzAtUgsNfx4+zpTqNdfK/982C/Zfc2kuit2iXiBDcCYtdBWV3+k8vbbT4Om5 2MYrbxlQlyUXEc9ZZpaAUxTvuklSQ2wHK3xtlAmoxsMdj2+Re9bOKuBuOKZkUfwU 9olgKg83HWhzc5W4u840q8oHmUrZDUpNbLjQGTSBZWVQE0uAiD8IA8k4I/TxjPFm MyeSRKKE0QTCOPDyHskVW+ijjcqs8pHa9/jAwXO/cBO6ZBkSbnQZ57j4+CQtrzA5 N0Yh02AM48898eRDXhlt2SBz+tQnlhs0vSRMacccbIy0GSlccSoiaJRsUFXZ+LOb JiM8xlbJ8KsKJz/pTOM6qzrIkD/RFmqBrxIutPqsusG+XbiVQkvcQp13otfTK8Pk hzGC47UBZuuUib8DXkYSgbb0b/cw6/efIwy60NpPsT7DxfjLwCyVspyQcjJplGAN Lou0R6ezpNQu9iijjeJZR6DouiYP0YGoLm8bVo0OBIsw0tmO7vZ82SBi6Rf7ScIB Hu190dDPt2WdNigXxpGmjk+nWyj7DncEZEfwKQb/rZos52hPh/Q=
    =pvja
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)