|
Date: Wed, 04 Apr 2018 14:22:53 -0500 From: Michael Catanzaro <mcatanzaro@...lia.com> To: webkit-gtk@...ts.webkit.org Cc: oss-security@...ts.openwall.com, security@...kit.org, bugtraq@...urityfocus.com, distributor-list@...me.org Subject: Re: [webkit-security] WebKitGTK+ Security Advisory WSA-2018-0003 Correction: On Wed, Apr 4, 2018 at 1:46 PM, Michael Catanzaro <mcatanzaro@...lia.com> wrote: > CVE-2018-4118 > Versions affected: WebKitGTK+ before 2.18.1. > Credit to Jun Kokatsu (@shhnjk). > Impact: Processing maliciously crafted web content may lead to > arbitrary code execution. Description: Multiple memory corruption > issues were addressed with improved memory handling. The versions affected for CVE-2018-4118 was not correct. An attempt to fix this issue was included in 2.18.1, but the change was incomplete. This should have read: Versions affected: WebKitGTK+ before 2.20.0
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.