1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
PublicDateAtUSN: 2017-04-01
Candidate: CVE-2017-2442
PublicDate: 2017-04-01
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2442
https://support.apple.com/HT207600
https://support.apple.com/HT207617
https://www.webkitgtk.org/security/WSA-2017-0003.html
http://www.ubuntu.com/usn/usn-3257-1
Description:
An issue was discovered in certain Apple products. iOS before 10.3 is
affected. Safari before 10.1 is affected. The issue involves the "WebKit
JavaScript Bindings" component. It allows remote attackers to bypass the
Same Origin Policy and obtain sensitive information via a crafted web site.
Ubuntu-Description:
Notes:
jdstrand> webkit receives limited support. For details, see
https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit
jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_webkit:
upstream_webkit: needs-triage
precise_webkit: ignored (see notes)
precise/esm_webkit: DNE (precise was ignored [see notes])
trusty_webkit: DNE
vivid/ubuntu-core_webkit: DNE
vivid/stable-phone-overlay_webkit: DNE
xenial_webkit: DNE
yakkety_webkit: DNE
zesty_webkit: DNE
devel_webkit: DNE
Patches_webkitgtk:
upstream_webkitgtk: needs-triage
precise_webkitgtk: DNE
precise/esm_webkitgtk: DNE
trusty_webkitgtk: needs-triage
vivid/ubuntu-core_webkitgtk: DNE
vivid/stable-phone-overlay_webkitgtk: DNE
xenial_webkitgtk: needs-triage
yakkety_webkitgtk: ignored (reached end-of-life)
zesty_webkitgtk: needs-triage
devel_webkitgtk: needs-triage
Patches_webkit2gtk:
upstream_webkit2gtk: released (2.14.6)
precise_webkit2gtk: DNE
precise/esm_webkit2gtk: DNE
trusty_webkit2gtk: DNE
vivid/ubuntu-core_webkit2gtk: DNE
vivid/stable-phone-overlay_webkit2gtk: DNE
xenial_webkit2gtk: released (2.16.1-0ubuntu0.16.04.1)
yakkety_webkit2gtk: released (2.16.1-0ubuntu0.16.10.1)
zesty_webkit2gtk: not-affected (2.16.1-1)
devel_webkit2gtk: not-affected (2.16.1-1)
Patches_qtwebkit-source:
upstream_qtwebkit-source: needs-triage
precise_qtwebkit-source: ignored (see notes)
precise/esm_qtwebkit-source: DNE (precise was ignored [see notes])
trusty_qtwebkit-source: needs-triage
vivid/ubuntu-core_qtwebkit-source: DNE
vivid/stable-phone-overlay_qtwebkit-source: DNE
xenial_qtwebkit-source: needs-triage
yakkety_qtwebkit-source: ignored (reached end-of-life)
zesty_qtwebkit-source: needs-triage
devel_qtwebkit-source: needs-triage
Patches_qtwebkit-opensource-src: needs-triage
upstream_qtwebkit-opensource-src: needs-triage
precise_qtwebkit-opensource-src: DNE
precise/esm_qtwebkit-opensource-src: DNE
trusty_qtwebkit-opensource-src: needs-triage
vivid/ubuntu-core_qtwebkit-opensource-src: DNE
vivid/stable-phone-overlay_qtwebkit-opensource-src: DNE
xenial_qtwebkit-opensource-src: needs-triage
yakkety_qtwebkit-opensource-src: ignored (reached end-of-life)
zesty_qtwebkit-opensource-src: needs-triage
devel_qtwebkit-opensource-src: needs-triage
|