← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

PublicDateAtUSN: 2016-12-31
Candidate: CVE-2016-7654
PublicDate: 2017-02-20
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7654
 https://support.apple.com/en-us/HT207421
 https://webkitgtk.org/security/WSA-2017-0001.html
 http://www.ubuntu.com/usn/usn-3191-1
Description:
 An issue was discovered in certain Apple products. iOS before 10.2 is
 affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected.
 iTunes before 12.5.4 is affected. The issue involves the "WebKit"
 component. It allows remote attackers to execute arbitrary code or cause a
 denial of service (memory corruption and application crash) via a crafted
 web site.
Ubuntu-Description:
Notes:
 jdstrand> webkit receives limited support. For details, see
 https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit
 jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
Bugs:
Priority: medium
Discovered-by:
Assigned-to:

Patches_webkit:
upstream_webkit: needs-triage
precise_webkit: ignored (see notes)
trusty_webkit: DNE
vivid/ubuntu-core_webkit: DNE
vivid/stable-phone-overlay_webkit: DNE
xenial_webkit: DNE
yakkety_webkit: DNE
devel_webkit: DNE

Patches_webkitgtk:
upstream_webkitgtk: needs-triage
precise_webkitgtk: DNE
trusty_webkitgtk: ignored (no update available)
vivid/ubuntu-core_webkitgtk: DNE
vivid/stable-phone-overlay_webkitgtk: DNE
xenial_webkitgtk: ignored (no update available)
yakkety_webkitgtk: ignored (no update available)
devel_webkitgtk: ignored (no update available)

Patches_webkit2gtk:
upstream_webkit2gtk: released (2.14.3)
precise_webkit2gtk: DNE
trusty_webkit2gtk: DNE
vivid/ubuntu-core_webkit2gtk: DNE
vivid/stable-phone-overlay_webkit2gtk: DNE
xenial_webkit2gtk: released (2.14.3-0ubuntu0.16.04.1)
yakkety_webkit2gtk: released (2.14.3-0ubuntu0.16.10.1)
devel_webkit2gtk: not-affected (2.14.3-1)

Patches_qtwebkit-source:
upstream_qtwebkit-source: needs-triage
precise_qtwebkit-source: ignored (see notes)
trusty_qtwebkit-source: ignored (no update available)
vivid/ubuntu-core_qtwebkit-source: DNE
vivid/stable-phone-overlay_qtwebkit-source: DNE
xenial_qtwebkit-source: ignored (no update available)
yakkety_qtwebkit-source: ignored (no update available)
devel_qtwebkit-source: ignored (no update available)

Patches_qtwebkit-opensource-src: needs-triage
upstream_qtwebkit-opensource-src: needs-triage
precise_qtwebkit-opensource-src: DNE
trusty_qtwebkit-opensource-src: ignored (no update available)
vivid/ubuntu-core_qtwebkit-opensource-src: DNE
vivid/stable-phone-overlay_qtwebkit-opensource-src: DNE
xenial_qtwebkit-opensource-src: ignored (no update available)
yakkety_qtwebkit-opensource-src: ignored (no update available)
devel_qtwebkit-opensource-src: ignored (no update available)