it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5241-1] wpewebkit security update

From: Alberto Garcia <berto AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5241-1] wpewebkit security update
Date: Wed, 28 Sep 2022 09:35:24 +0000
Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/YzQVXBoBtVKEI3O8 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=452lLO1FK/+A4tu0ybFWe1DSTAkgM/YfWzT4ILRyLwk=; b=Ho hoTMw5s/6IxL6FcxlArsj1ErM2ZV0lqmCTAf3r7IpUMUjC9bIOzz22G+I/Nl2S0vjpqwVqQKxfq9V faU503JFKgtF15kIv96y+9XYjXtfbfLBWueAKSM2NMb+yD27Qy1EkopX7JrPixRU6R5VULbx6kYOQ KAdv31tF/9scCT7aov8/O8Fx25act3ckMdjp3KM0uActFdh0MFWMhT+068asagUp0jBlruRMP/hGK iLcI8unUS/PMOuLAbah+S6aQ4rV3TjjVDU3RTKqE9MxTj+bjI2EYCHhot6911/DgwbQ8f14Cs1+bs xq06NeBzsX8BzrlfXtap9UQtH/JmJClw==;
Old-return-path: <berto AT debian.org>
Priority: urgent
Resent-date: Wed, 28 Sep 2022 09:35:50 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <QOkUUlUD_CJ.A.UtE.2VBNjB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5241-1 security AT debian.org
https://www.debian.org/security/ Alberto Garcia
September 28, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wpewebkit
CVE ID : CVE-2022-32886

The following vulnerabilities have been discovered in the WPE WebKit
web engine:

CVE-2022-32886

P1umer, afang5472 and xmzyshypnc discovered that processing
maliciously crafted web content may lead to arbitrary code
execution

For the stable distribution (bullseye), this problem has been fixed in
version 2.38.0-1~deb11u1.

We recommend that you upgrade your wpewebkit packages.

For the detailed security status of wpewebkit please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpewebkit

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmM0ErUACgkQAAyEYu0C
2AK/TA/9FNEyzGshSoog6XBZ7bQR3ATaCA1V2vUDSkv1kaq9V7nPtBLW16Kwcgxe
AjFzS7BfdW8vN4tnEAx65RS6q60jlADTgXUihiDFRdeuteNXYuMUOp61EU71SKDb
LmSdwfU8ule3s1UMtbSG9n7W0NvkuuB+RdZX580r7F/CFpwELQiTeGbOodVfpKfl
pU9zSAiEa+hoOeFX7wQewnL60goSPfjhjGZqPR2w0cKOk+zYPYBrAYvxGN+HFpeo
7yx8y0x7RsL/UNLkObs+VWPrPb4LNN4vQck3CYAW1lY0aI2+bQ7Roo4Ax4NvPqMT
tNs+72vq/j6d9fYlyVpNJcnwKUxpygqMnRxLW0C16zfqUm7/SvT1MuF9HK0O+7yM
8xGjEsVXMGPeYEGyE+tnujlHeem+YWpi3ODMCizY4bohVPJyLypc+DwABo98yP9v
MrtRr94RjfMJV/Khjj0nxxpTmIMjbXBC4uA+zwFtmjZo0vOiU3NfHIbcIZpQu4RC
p7olYPSltWkRFnfXPRf97BLCCPolRnTmiQGq7zeqFsxSXaLTBKGqOOiuxkyRObeU
W+ybs+X5MDAmRUM93JArarjrnJVE2XvRhXIRkGPIN918lysFwbfr5HwBMCsvaS10
5z+BCqx+A1fCgIja02N2aEr3FaOCDy8I/WqoI/7FwDz/z2y8JxU=
=gReZ
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5241-1] wpewebkit security update, Alberto Garcia, 28.09.2022

Archiv bereitgestellt durch MHonArc 2.6.24.