oss-sec mailing list archives
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006
From: Samuel Groß <saelo () google com>
Date: Wed, 27 Oct 2021 16:40:55 +0200
Hi!

I don't know what happened to CVE-2021-30851 as these CVEs are allocated by Apple usually. I think the CVE would correspond to this issue though: https://bugs.webkit.org/show_bug.cgi?id=227988

Best!
Samuel

On Wed, Oct 27, 2021 at 3:02 PM Francis Perron <francis.perron () shopify com> wrote:
> On Wed, Oct 27, 2021 at 12:09 AM Salvatore Bonaccorso <carnil () debian org> wrote:
>
>> Hi,
>>
>> [dropping most other recipients]
>>
>> On Tue, Oct 26, 2021 at 08:05:36PM +0100, Carlos Alberto Lopez Perez wrote:
>>
>>> ------------------------------------------------------------------------
>>> WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006
>>> ------------------------------------------------------------------------
>>>
>>> Date reported : October 26, 2021
>>> Advisory ID : WSA-2021-0006
>>> WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2021-0006.html
>>> WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2021-0006.html
>>> CVE identifiers : CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851, CVE-2021-30858, CVE-2021-42762.
>>>
>>> Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
>>
>> [...]
>>
>>> CVE-2021-30851
>>> Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
>>> Credit to Samuel Groß of Google Project Zero.
>>> Impact: Processing maliciously crafted web content may lead to code execution.
>>> Description: A memory corruption vulnerability was addressed with improved locking.
>>
>> CVE-2021-30851 seems to be REJECTED (cf. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30851).
>>
>> Is there a typo in the CVE id for this one or did the CVE get rejected later on?
>
> BCC'ing Samuel Groß
>
> Salvatore - I think 30851 was not issued, and it may have been a mistake here. There was no other CVE issued as part of WSA-2021-0006 according to the GitHub repo for the CVE program: https://github.com/CVEProject/cvelist/search?q=wsa-2021-0006
>
> If you need a CVE for this, Samuel may be able to sort this out with the WebKit folks, who also seem to advertise 30851 on their security advisory site: https://webkitgtk.org/security/WSA-2021-0006.html
>
> Have a good Wednesday,
>
> --
> Francis Perron
> Engineering Program Manager | Security Incident Response