Summary: | www/webkit-gtk2 - Multiple vulnerabilities | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Sevan Janiyan <venture37> |
Component: | Individual Port(s) | Assignee: | Koop Mast <kwm> |
Status: | Closed FIXED | ||
Severity: | Affects Only Me | CC: | feld, kwm, ports-secteam |
Priority: | --- | Flags: | bugzilla: maintainer-feedback? (gnome) |
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any |
Description
Sevan Janiyan
2015-12-29 03:10:29 UTC
Adding ports-secteam to CC.

I took a look at the massive list, and there are only patches for two or three CVEs. The rest are all about Apple iOS/xOS with no patches.

The questions I have for ports-secteam are:
1) I can't really patch these... but if they are Apple CVEs, should we care?
2) So should I list them in the vuxml?

We should only add entries to vuxml that actually affect FreeBSD.

A commit references this bug:

Author: kwm
Date: Thu Feb 4 11:03:34 UTC 2016
New revision: 408023
URL: https://svnweb.freebsd.org/changeset/ports/408023

Log:
Document webkit CVE-2014-1748.

If people look at the announcement, CVE-2014-3192 is already fixed. This CVE was against chromium, and the same code in 2.4.9 is in webkit trunk so I assume it already fixed. CVE-2013-6663 is for webkit < 2.4.0, and the rest of the CVE's are for apple products without any attached patches.

PR: 205683
Obtained from: http://webkitgtk.org/security/WSA-2015-0002.html

Changes:
head/security/vuxml/vuln.xml

A commit references this bug:

Author: kwm
Date: Thu Feb 4 11:09:49 UTC 2016
New revision: 408024
URL: https://svnweb.freebsd.org/changeset/ports/408024

Log:
Fix CVE-2014-1748.

PR: 205683
Security: 1091d2d1-cb2e-11e5-b14b-bcaec565249c

Changes:
head/www/webkit-gtk2/Makefile
head/www/webkit-gtk2/files/patch-CVE-2014-1748
head/www/webkit-gtk3/Makefile
head/www/webkit-gtk3/files/patch-CVE-2014-1748

Fixed, thanks for the heads-up!