DSA-5083-1

Details

The following vulnerabilities have been discovered in the WebKitGTK web engine:

CVE-2022-22589

Heige and Bo Qu discovered that processing a maliciously crafted
mail message may lead to running arbitrary javascript.

CVE-2022-22590

Toan Pham discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2022-22592

Prakash discovered that processing maliciously crafted web content
may prevent Content Security Policy from being enforced.

CVE-2022-22620

An anonymous researcher discovered that processing maliciously
crafted web content may lead to arbitrary code execution. Apple is
aware of a report that this issue may have been actively
exploited.

Affected Packages

webkit2gtk

Debian 10

Fixed in:

2.34.6-1~deb10u1

webkit2gtk

Debian 11

Fixed in:

2.34.6-1~deb11u1

References

ADVISORY

https://security-tracker.debian.org/tracker/DSA-5083-1