Merge commit '0678c67d2e28607aaf1991fb1ba25c74fc7b78ec'

author: Repository QA checks <repo-qa-checks@gentoo.org> 2016-12-13 10:21:59 +0000
committer: Repository QA checks <repo-qa-checks@gentoo.org> 2016-12-13 10:21:59 +0000
commit: 675a69d47ee09f11e506bee4faa4ae82b89e4a18 (patch)
tree: 63e632049b2a4c4729f1f83e09c1180587f7a8ce /metadata/glsa/glsa-201612-41.xml
parent: 2016-12-13 09:49:18 UTC (diff)
parent: Add GLSA 201612-41 (diff)
download: gentoo-675a69d47ee09f11e506bee4faa4ae82b89e4a18.tar.gz
gentoo-675a69d47ee09f11e506bee4faa4ae82b89e4a18.tar.bz2
gentoo-675a69d47ee09f11e506bee4faa4ae82b89e4a18.zip
1 files changed, 200 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-201612-41.xml b/metadata/glsa/glsa-201612-41.xml
new file mode 100644
index 000000000000..c1dbb84e1084
--- /dev/null
+++ b/metadata/glsa/glsa-201612-41.xml
@@ -0,0 +1,200 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201612-41">
+  <title>WebKitGTK+: Multiple vulnerabilities</title>
+  <synopsis>Multiple vulnerabilities have been found in WebKitGTK+, the worst
+    of which may allow execution of arbitrary code.
+  </synopsis>
+  <product type="ebuild">webkit-gtk</product>
+  <announced>December 13, 2016</announced>
+  <revised>December 13, 2016: 1</revised>
+  <bug>543650</bug>
+  <bug>570034</bug>
+  <bug>573656</bug>
+  <bug>577068</bug>
+  <access>remote</access>
+  <affected>
+    <package name="net-libs/webkit-gtk" auto="yes" arch="*">
+      <unaffected range="ge">2.4.10-r200</unaffected>
+      <vulnerable range="lt">2.4.10-r200</vulnerable>
+    </package>
+  </affected>
+  <background>
+    <p>WebKitGTK+ is a full-featured port of the WebKit rendering engine,
+      suitable for projects requiring any kind of web integration, from hybrid
+      HTML/CSS applications to full-fledged web browsers. It offers WebKit’s
+      full functionality and is useful in a wide range of systems from desktop
+      computers to embedded systems like phones, tablets, and televisions.
+      WebKitGTK+ is made by a lively community of developers and designers, who
+      hope to bring the web platform to everyone. It’s the official web
+      engine of the GNOME platform and is used in browsers such as Epiphany and
+      Midori.
+    </p>
+  </background>
+  <description>
+    <p>Multiple vulnerabilities have been discovered in WebKitGTK+. Please
+      review the CVE identifiers referenced below for details.
+    </p>
+  </description>
+  <impact type="normal">
+    <p>A remote attacker can use multiple vectors to execute arbitrary code or
+      cause a Denial of Service condition.
+    </p>
+  </impact>
+  <workaround>
+    <p>There is no known workaround at this time.</p>
+  </workaround>
+  <resolution>
+    <p>All WebKitGTK+ users should upgrade to the latest version:</p>
+    
+    <code>
+      # emerge --sync
+      # emerge --ask --oneshot --verbose "&gt;=net-libs/webkit-gtk-2.4.10-r200"
+    </code>
+  </resolution>
+  <references>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748">CVE-2014-1748</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3192">CVE-2014-3192</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4409">CVE-2014-4409</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4410">CVE-2014-4410</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4411">CVE-2014-4411</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4412">CVE-2014-4412</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4413">CVE-2014-4413</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4414">CVE-2014-4414</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4452">CVE-2014-4452</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4459">CVE-2014-4459</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4465">CVE-2014-4465</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4466">CVE-2014-4466</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4468">CVE-2014-4468</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4469">CVE-2014-4469</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4470">CVE-2014-4470</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4471">CVE-2014-4471</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4472">CVE-2014-4472</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4473">CVE-2014-4473</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4474">CVE-2014-4474</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4475">CVE-2014-4475</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4476">CVE-2014-4476</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4477">CVE-2014-4477</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4479">CVE-2014-4479</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1068">CVE-2015-1068</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1069">CVE-2015-1069</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1070">CVE-2015-1070</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1071">CVE-2015-1071</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1072">CVE-2015-1072</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1073">CVE-2015-1073</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1074">CVE-2015-1074</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1075">CVE-2015-1075</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1076">CVE-2015-1076</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1077">CVE-2015-1077</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1080">CVE-2015-1080</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1081">CVE-2015-1081</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1082">CVE-2015-1082</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1083">CVE-2015-1083</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1084">CVE-2015-1084</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1119">CVE-2015-1119</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1120">CVE-2015-1120</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1121">CVE-2015-1121</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1122">CVE-2015-1122</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1124">CVE-2015-1124</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1126">CVE-2015-1126</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1127">CVE-2015-1127</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1152">CVE-2015-1152</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1153">CVE-2015-1153</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1154">CVE-2015-1154</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1155">CVE-2015-1155</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1156">CVE-2015-1156</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2330">CVE-2015-2330</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3658">CVE-2015-3658</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3659">CVE-2015-3659</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3660">CVE-2015-3660</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3727">CVE-2015-3727</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3730">CVE-2015-3730</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3731">CVE-2015-3731</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3732">CVE-2015-3732</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3733">CVE-2015-3733</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3734">CVE-2015-3734</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3735">CVE-2015-3735</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3736">CVE-2015-3736</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3737">CVE-2015-3737</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3738">CVE-2015-3738</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3739">CVE-2015-3739</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3740">CVE-2015-3740</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3741">CVE-2015-3741</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3742">CVE-2015-3742</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3743">CVE-2015-3743</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3744">CVE-2015-3744</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3745">CVE-2015-3745</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3746">CVE-2015-3746</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3747">CVE-2015-3747</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3748">CVE-2015-3748</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3749">CVE-2015-3749</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3750">CVE-2015-3750</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3751">CVE-2015-3751</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3752">CVE-2015-3752</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3753">CVE-2015-3753</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3754">CVE-2015-3754</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3755">CVE-2015-3755</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5788">CVE-2015-5788</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5789">CVE-2015-5789</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5790">CVE-2015-5790</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5791">CVE-2015-5791</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5792">CVE-2015-5792</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5793">CVE-2015-5793</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5794">CVE-2015-5794</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5795">CVE-2015-5795</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5797">CVE-2015-5797</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5798">CVE-2015-5798</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5799">CVE-2015-5799</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5800">CVE-2015-5800</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5801">CVE-2015-5801</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5802">CVE-2015-5802</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5803">CVE-2015-5803</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5804">CVE-2015-5804</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5805">CVE-2015-5805</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5806">CVE-2015-5806</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5807">CVE-2015-5807</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5809">CVE-2015-5809</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5810">CVE-2015-5810</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5811">CVE-2015-5811</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5812">CVE-2015-5812</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5813">CVE-2015-5813</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5814">CVE-2015-5814</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5815">CVE-2015-5815</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5816">CVE-2015-5816</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5817">CVE-2015-5817</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5818">CVE-2015-5818</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5819">CVE-2015-5819</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5822">CVE-2015-5822</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5823">CVE-2015-5823</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5825">CVE-2015-5825</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5826">CVE-2015-5826</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5827">CVE-2015-5827</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5828">CVE-2015-5828</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5928">CVE-2015-5928</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5929">CVE-2015-5929</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5930">CVE-2015-5930</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5931">CVE-2015-5931</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7002">CVE-2015-7002</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7012">CVE-2015-7012</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7013">CVE-2015-7013</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7014">CVE-2015-7014</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7048">CVE-2015-7048</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7095">CVE-2015-7095</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7096">CVE-2015-7096</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7097">CVE-2015-7097</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7098">CVE-2015-7098</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7099">CVE-2015-7099</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7100">CVE-2015-7100</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7102">CVE-2015-7102</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7103">CVE-2015-7103</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7104">CVE-2015-7104</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1723">CVE-2016-1723</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1724">CVE-2016-1724</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1725">CVE-2016-1725</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1726">CVE-2016-1726</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1727">CVE-2016-1727</uri>
+    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1728">CVE-2016-1728</uri>
+  </references>
+  <metadata tag="requester" timestamp="Sat, 12 Mar 2016 11:54:30 +0000">b-man</metadata>
+  <metadata tag="submitter" timestamp="Tue, 13 Dec 2016 10:18:40 +0000">whissi</metadata>
+</glsa>
author	Repository QA checks <repo-qa-checks@gentoo.org>	2016-12-13 10:21:59 +0000
committer	Repository QA checks <repo-qa-checks@gentoo.org>	2016-12-13 10:21:59 +0000
commit	675a69d47ee09f11e506bee4faa4ae82b89e4a18 (patch)
tree	63e632049b2a4c4729f1f83e09c1180587f7a8ce /metadata/glsa/glsa-201612-41.xml
parent	2016-12-13 09:49:18 UTC (diff)
parent	Add GLSA 201612-41 (diff)
download	gentoo-675a69d47ee09f11e506bee4faa4ae82b89e4a18.tar.gz gentoo-675a69d47ee09f11e506bee4faa4ae82b89e4a18.tar.bz2 gentoo-675a69d47ee09f11e506bee4faa4ae82b89e4a18.zip