#16947 closed enhancement (fixed)
webkitgtk-2.36.7
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 11.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version
I suspect this has a fix for a critical zero-day that's being actively exploited at the time of writing:
WebKit Available for: macOS Big Sur and macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 243557 CVE-2022-32893: an anonymous researcher
Change History (5)
comment:1 by , 20 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 20 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at b1c0fa79dffaf88abb1c0d1367db8ab018f09d1e
I'll file an SA once the WebKitGTK+ Security Advisory is released (so I have references)
comment:4 by , 20 months ago
My suspicion was correct.
SA will come shortly.
------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008
------------------------------------------------------------------------
Date reported : August 25, 2022
Advisory ID : WSA-2022-0008
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2022-0008.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2022-0008.html
CVE identifiers : CVE-2022-32893.
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
CVE-2022-32893
Versions affected: WebKitGTK and WPE WebKit before 2.36.7.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Note:
See TracTickets
for help on using tickets.
