-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------- Debian Security Advisory DSA-5468-1 security@debian.org https://www.debian.org/security/ Alberto Garcia August 05, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : webkit2gtk
CVE ID : CVE-2023-38133 CVE-2023-38572 CVE-2023-38592 CVE-2023-38594
CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600
CVE-2023-38611

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2023-38133

YeongHyeon Choi discovered that processing web content may
disclose sensitive information.

CVE-2023-38572

Narendra Bhati discovered that a website may be able to bypass the
Same Origin Policy.

CVE-2023-38592

Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco
Squarcina, and Lorenzo Veronese discovered that processing web
content may lead to arbitrary code execution.

CVE-2023-38594

Yuhao Hu discovered that processing web content may lead to
arbitrary code execution.

CVE-2023-38595

An anonymous researcher, Jiming Wang, and Jikai Ren discovered
that processing web content may lead to arbitrary code execution.

CVE-2023-38597

Junsung Lee discovered that processing web content may lead to
arbitrary code execution.

CVE-2023-38599

Hritvik Taneja, Jason Kim, Jie Jeff Xu, Stephan van Schaik, Daniel
Genkin, and Yuval Yarom discovered that a website may be able to
track sensitive user information.

CVE-2023-38600

An anonymous researcher discovered that processing web content may
lead to arbitrary code execution.

CVE-2023-38611

Francisco Alonso discovered that processing web content may lead
to arbitrary code execution.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.40.5-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 2.40.5-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmTOj+AACgkQAAyEYu0C 2AK4hw/+IqYa65blruup8jZigzY38U60+U+yzSa1MTtV04Nfv5UUMHw/AuSDi/ap U5Vcee/oAb8pFeaZFODPY4k6vHUSjc4iL21zG4X0nYvNL7S9KZOS8TlxLVbbDElu VLv3La7yB++vzv64DdU/ZuRkbuqowImesSxV8PFMaeJCWzMGX1Ck4jqqOPewmOAl EEc9sFQHavZIdsC7kYGYcJi5UDgHUdG7K1JwKmDyQ+cW4CiTHIpGshpBnOyz7Kx9 AxTMscAqkigJznjY5kzWe5koFzZY7WTGmxmy7fjepEzB/Zdbl2+FRgFl3UHrd6kj 90blbnyTT6C+/PXkMR8dbeC2y7yTWZoeyyedRu2m700IdZVR19DKCwNj2TaFXD28 GKLe7fYKusyvPx63JVmHk6p9wokInOyimn+4Ldwv6q2CUAMXOLpia9hEjljrE1nj CNbgyJFsgJTbW069GhkABySNKeQbFd4OCZxemb6jcJsXn3pRWoK/32B8tu/srzJo OtdcuHC2TEyQS1EzgzJ25WrvcGkgTaz0eoemcXMdvp31xqWpmJEJoQ95Q/lwskq3 5e0mOH3AabSDVioImrBNtjnDcPP7Sy8Mq70pv+qx6fQZZnnFUD7YLr8D4KcayUSP 8M6hBjOj1qAJnXb2N2Cw2YRwYhcsFXQ9d7qbC7C03bEFIsSIx0A=
=VbdY
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)