Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 04 Apr 2018 14:22:53 -0500
From: Michael Catanzaro <mcatanzaro@...lia.com>
To: webkit-gtk@...ts.webkit.org
Cc: oss-security@...ts.openwall.com, security@...kit.org,
	bugtraq@...urityfocus.com, distributor-list@...me.org
Subject: Re: [webkit-security] WebKitGTK+ Security Advisory WSA-2018-0003


Correction:

On Wed, Apr 4, 2018 at 1:46 PM, Michael Catanzaro 
<mcatanzaro@...lia.com> wrote:
> CVE-2018-4118
>     Versions affected: WebKitGTK+ before 2.18.1.
>     Credit to Jun Kokatsu (@shhnjk).
>     Impact: Processing maliciously crafted web content may lead to
>     arbitrary code execution. Description: Multiple memory corruption
>     issues were addressed with improved memory handling.

The versions affected for CVE-2018-4118 was not correct. An attempt to 
fix this issue was included in 2.18.1, but the change was incomplete. 
This should have read:

Versions affected: WebKitGTK+ before 2.20.0

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.