From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] webkitgtk: security bump to version 2.16.6
Date: Wed, 26 Jul 2017 10:50:40 +0200 [thread overview]
Message-ID: <20170726085040.20516-1-peter@korsgaard.com> (raw)
Fixes the following security issues:
CVE-2017-7018 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7030 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7034 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7037 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7039 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7046 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7048 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7055 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7056 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7061 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
It allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
CVE-2017-7064 - An issue was discovered in certain Apple products. iOS
before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before
6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected.
The issue involves the "WebKit" component. It allows attackers to bypass
intended memory-read restrictions via a crafted app.
For more details, see the announcement:
https://webkitgtk.org/2017/07/24/webkitgtk2.16.6-released.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/webkitgtk/webkitgtk.hash | 8 ++++----
package/webkitgtk/webkitgtk.mk | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
index 5df4ce8df3..2c0fc50611 100644
--- a/package/webkitgtk/webkitgtk.hash
+++ b/package/webkitgtk/webkitgtk.hash
@@ -1,4 +1,4 @@
-# From https://webkitgtk.org/releases/webkitgtk-2.16.5.tar.xz.sums
-md5 fce72dc89cd310a663d9eb97133861fe webkitgtk-2.16.5.tar.xz
-sha1 8052fda41b1b666f175baaac787c5cba39ed24a0 webkitgtk-2.16.5.tar.xz
-sha256 8e0396f3428e757898c5856e642eed4fcd5a20ae03d96d3eaa03b76634be7dd4 webkitgtk-2.16.5.tar.xz
+# From https://webkitgtk.org/releases/webkitgtk-2.16.6.tar.xz.sums
+md5 0e2d142a586e4ff79cf0324f4fdbf20c webkitgtk-2.16.6.tar.xz
+sha1 f7fca3fbac3dc99e39f353a6df250635e684c922 webkitgtk-2.16.6.tar.xz
+sha256 fc23650df953123c59b9c0edf3855e7bd55bd107820997fc72375811e1ea4b21 webkitgtk-2.16.6.tar.xz
diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
index ef20839f92..b200d23262 100644
--- a/package/webkitgtk/webkitgtk.mk
+++ b/package/webkitgtk/webkitgtk.mk
@@ -4,7 +4,7 @@
#
################################################################################
-WEBKITGTK_VERSION = 2.16.5
+WEBKITGTK_VERSION = 2.16.6
WEBKITGTK_SITE = http://www.webkitgtk.org/releases
WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
WEBKITGTK_INSTALL_STAGING = YES
--
2.11.0
next reply other threads:[~2017-07-26 8:50 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-26 8:50 Peter Korsgaard [this message]
2017-07-26 12:24 ` [Buildroot] [PATCH] webkitgtk: security bump to version 2.16.6 Adrian Perez de Castro
2017-07-26 14:53 ` Peter Korsgaard
2017-07-26 20:52 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170726085040.20516-1-peter@korsgaard.com \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox