Date: Wed, 04 Apr 2018 14:22:53 -0500 From: Michael Catanzaro <mcatanzaro@...lia.com> To: webkit-gtk@...ts.webkit.org Cc: oss-security@...ts.openwall.com, security@...kit.org, bugtraq@...urityfocus.com, distributor-list@...me.org Subject: Re: [webkit-security] WebKitGTK+ Security Advisory WSA-2018-0003 Correction: On Wed, Apr 4, 2018 at 1:46 PM, Michael Catanzaro <mcatanzaro@...lia.com> wrote: > CVE-2018-4118 > Versions affected: WebKitGTK+ before 2.18.1. > Credit to Jun Kokatsu (@shhnjk). > Impact: Processing maliciously crafted web content may lead to > arbitrary code execution. Description: Multiple memory corruption > issues were addressed with improved memory handling. The versions affected for CVE-2018-4118 was not correct. An attempt to fix this issue was included in 2.18.1, but the change was incomplete. This should have read: Versions affected: WebKitGTK+ before 2.20.0
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ