Date: Sun, 31 Oct 2021 15:50:22 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Cc: Samuel Groß <saelo@...gle.com>, Francis Perron <francis.perron@...pify.com>, Carlos Alberto Lopez Perez <clopez@...lia.com>, security@...kit.org, Alberto Garcia <berto@...lia.com> Subject: Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 Hi, On Thu, Oct 28, 2021 at 06:24:24AM +0200, Salvatore Bonaccorso wrote: > Hi Samuel, > > On Wed, Oct 27, 2021 at 04:40:55PM +0200, Samuel Groß wrote: > > Hi! > > > > I don't know what happened to CVE-2021-30851 as these CVEs are allocated by > > Apple usually. I think the CVE would correspond to this issue though: > > https://bugs.webkit.org/show_bug.cgi?id=227988 > > I pinged now product-security@...le.com as well on this (as Apple Inc > is the responsible CNA for the CVE). I did not got a reply but apparently the CVE entry got re-populated at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30851 and now reads as "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution." Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.