[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006
From:       Salvatore Bonaccorso <carnil () debian ! org>
Date:       2021-10-31 14:50:22
Message-ID: YX6tLtG34BETJzoE () eldamar ! lan
[Download RAW message or body]

Hi,

On Thu, Oct 28, 2021 at 06:24:24AM +0200, Salvatore Bonaccorso wrote:
> Hi Samuel,
> 
> On Wed, Oct 27, 2021 at 04:40:55PM +0200, Samuel Groß wrote:
> > Hi!
> > 
> > I don't know what happened to CVE-2021-30851 as these CVEs are allocated by
> > Apple usually. I think the CVE would correspond to this issue though:
> > https://bugs.webkit.org/show_bug.cgi?id=227988
> 
> I pinged now product-security@apple.com as well on this (as Apple Inc
> is the responsible CNA for the CVE).

I did not got a reply but apparently the CVE entry got re-populated
at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30851 and
now reads as "A memory corruption vulnerability was addressed with
improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS
8, iOS 15 and iPadOS 15. Processing maliciously crafted web content
may lead to code execution."

Regards,
Salvatore
[prev in list] [next in list] [prev in thread] [next in thread]