[Buildroot] [PATCH] webkitgtk: security bump to version 2.16.6

Peter Korsgaard peter at korsgaard.com
Wed Jul 26 14:53:22 UTC 2017 

>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > CVE-2017-7018 - An issue was discovered in certain Apple products.  iOS
 > before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
 > 6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
 > tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
 > It allows remote attackers to execute arbitrary code or cause a denial of
 > service (memory corruption and application crash) via a crafted web site.

 > CVE-2017-7030 - An issue was discovered in certain Apple products.  iOS
 > before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
 > 6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
 > tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
 > It allows remote attackers to execute arbitrary code or cause a denial of
 > service (memory corruption and application crash) via a crafted web site.

 > CVE-2017-7034 - An issue was discovered in certain Apple products.  iOS
 > before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
 > 6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
 > tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
 > It allows remote attackers to execute arbitrary code or cause a denial of
 > service (memory corruption and application crash) via a crafted web site.

 > CVE-2017-7037 - An issue was discovered in certain Apple products.  iOS
 > before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
 > 6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
 > tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
 > It allows remote attackers to execute arbitrary code or cause a denial of
 > service (memory corruption and application crash) via a crafted web site.

 > CVE-2017-7039 - An issue was discovered in certain Apple products.  iOS
 > before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
 > 6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
 > tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
 > It allows remote attackers to execute arbitrary code or cause a denial of
 > service (memory corruption and application crash) via a crafted web site.

 > CVE-2017-7046 - An issue was discovered in certain Apple products.  iOS
 > before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
 > 6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
 > tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
 > It allows remote attackers to execute arbitrary code or cause a denial of
 > service (memory corruption and application crash) via a crafted web site.

 > CVE-2017-7048 - An issue was discovered in certain Apple products.  iOS
 > before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
 > 6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
 > tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
 > It allows remote attackers to execute arbitrary code or cause a denial of
 > service (memory corruption and application crash) via a crafted web site.

 > CVE-2017-7055 - An issue was discovered in certain Apple products.  iOS
 > before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
 > 6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
 > tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
 > It allows remote attackers to execute arbitrary code or cause a denial of
 > service (memory corruption and application crash) via a crafted web site.

 > CVE-2017-7056 - An issue was discovered in certain Apple products.  iOS
 > before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
 > 6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
 > tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
 > It allows remote attackers to execute arbitrary code or cause a denial of
 > service (memory corruption and application crash) via a crafted web site.

 > CVE-2017-7061 - An issue was discovered in certain Apple products.  iOS
 > before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
 > 6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
 > tvOS before 10.2.2 is affected.  The issue involves the "WebKit" component.
 > It allows remote attackers to execute arbitrary code or cause a denial of
 > service (memory corruption and application crash) via a crafted web site.

 > CVE-2017-7064 - An issue was discovered in certain Apple products.  iOS
 > before 10.3.3 is affected.  Safari before 10.1.2 is affected.  iCloud before
 > 6.2.2 on Windows is affected.  iTunes before 12.6.2 on Windows is affected.
 > The issue involves the "WebKit" component.  It allows attackers to bypass
 > intended memory-read restrictions via a crafted app.

 > For more details, see the announcement:
 > https://webkitgtk.org/2017/07/24/webkitgtk2.16.6-released.html

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

More information about the buildroot mailing list