-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4558-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Alberto Garcia November 04, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : webkit2gtk CVE ID : CVE-2019-8625 CVE-2019-8720 CVE-2019-8769 CVE-2019-8771 Several vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2019-8625 Sergei Glazunov discovered that maliciously crafted web content may lead to universal cross site scripting. CVE-2019-8720 Wen Xu discovered that maliciously crafted web content may lead to arbitrary code execution. CVE-2019-8769 Pierre Reimertz discovered that visiting a maliciously crafted website may reveal browsing history. CVE-2019-8771 Eliya Stein discovered that maliciously crafted web content may violate iframe sandboxing policy. For the stable distribution (buster), these problems have been fixed in version 2.26.1-3~deb10u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Debian: DSA-4558-1: webkit2gtk security update
Several vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2019-8625
