oss-sec mailing list archives

Re: WebKitGTK+ Security Advisory WSA-2016-0002

From: Carlos Alberto Lopez Perez <clopez () igalia com>
Date: Mon, 14 Mar 2016 17:16:45 +0100

On 14/03/16 13:29, Tomas Hoger wrote:

On Fri, 11 Mar 2016 15:25:39 +0100 Carlos Alberto Lopez Perez wrote:

Advisory ID        : WSA-2016-0002
Advisory URL       : http://webkitgtk.org/security/WSA-2016-0002.html
CVE identifiers    : CVE-2016-1723, CVE-2016-1724, CVE-2016-1725,
                     CVE-2016-1726, CVE-2016-1727, CVE-2016-1728.

Several vulnerabilities were discovered on WebKitGTK+.


Are further details of these issues available anywhere?  WSA only
re-uses Mitre CVE descriptions derived form Apple advisories, but is
there info which bugs/commits these CVEs correspond to?


Per policy [1], the details of security bugs in WebKit and their fixes
are available only to members of the WebKit Security Group.

If you have a legitimate reason that you need to know specific details
about any of this bugs, then you should state the reason in a inquiry
directed to security () webkit org rather than to this mailing list.


[1] https://webkit.org/security-policy/

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

WebKitGTK+ Security Advisory WSA-2016-0002 Carlos Alberto Lopez Perez (Mar 11)
- Re: WebKitGTK+ Security Advisory WSA-2016-0002 Tomas Hoger (Mar 14)
  - Re: WebKitGTK+ Security Advisory WSA-2016-0002 Carlos Alberto Lopez Perez (Mar 14)