Debian -- Security Information -- DSA-5061-1 wpewebkit

Date: unknown

Location: www.debian.org

DSA-5061-1 wpewebkit -- security update

Date Reported:
25 Jan 2022
Affected Packages:
wpewebkit
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984.
More information:

The following vulnerabilities have been discovered in the wpewebkit web engine:

  • CVE-2021-30934

    Dani Biro discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-30936

    Chijin Zhou discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-30951

    Pangu discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-30952

    WeBin discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-30953

    VRIJ discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-30954

    Kunlun Lab discovered that processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2021-30984

    Kunlun Lab discovered that processing maliciously crafted web content may lead to arbitrary code execution.

For the stable distribution (bullseye), these problems have been fixed in version 2.34.4-1~deb11u1.

We recommend that you upgrade your wpewebkit packages.

For the detailed security status of wpewebkit please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpewebkit