webkit2gtk / wpewebkit: CVE-2022-30293 and CVE-2022-30294

Upstream security advisory pending

2 files changed, 12 insertions, 2 deletions

diff --git a/data/CVE/list b/data/CVE/list
index 9d919ecefb..7caa7de204 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1546,9 +1546,15 @@ CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predict
 	NOTE: https://mailman.openadk.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/thread/6JWRW3P4VN54J5FHUDK7IQOU4V35HHDZ/
 	NOTE: src:uclibc switched to the uClibc-ng source codebase with the 1.0.20-1 upload.
 CVE-2022-30294 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-fre ...)
-	TODO: check, Alberto Garcia is checking with upstream
+	RESERVED
+	- webkit2gtk 2.36.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.36.1-1
 CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based bu ...)
-	TODO: check, Alberto Garcia is checking with upstream
+	RESERVED
+	- webkit2gtk 2.36.1-1
+	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+	- wpewebkit 2.36.1-1
 CVE-2022-29894
 	RESERVED
 CVE-2022-1602
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index f1d9d5991b..f16ddc13b9 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -63,3 +63,7 @@ waitress (jmm)
 --
 wordpress
 --
+webkit2gtk
+--
+wpewebkit
+--