oss-sec mailing list archives
Re: [webkit-security] WebKitGTK+ Security Advisory WSA-2018-0003
From: Michael Catanzaro <mcatanzaro () igalia com>
Date: Wed, 04 Apr 2018 14:22:53 -0500
Correction:On Wed, Apr 4, 2018 at 1:46 PM, Michael Catanzaro <mcatanzaro () igalia com> wrote:
CVE-2018-4118 Versions affected: WebKitGTK+ before 2.18.1. Credit to Jun Kokatsu (@shhnjk). Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
The versions affected for CVE-2018-4118 was not correct. An attempt to fix this issue was included in 2.18.1, but the change was incomplete. This should have read:
Versions affected: WebKitGTK+ before 2.20.0
Current thread:
- WebKitGTK+ Security Advisory WSA-2018-0003 Michael Catanzaro (Apr 04)
- Re: [webkit-security] WebKitGTK+ Security Advisory WSA-2018-0003 Michael Catanzaro (Apr 04)