Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp3099419lqo;
        Tue, 21 May 2024 07:00:30 -0700 (PDT)
X-Forwarded-Encrypted: i=2; AJvYcCXlsBui+Hx4aLqYMDaNU1KymejAO2ZQWyEeBkZSkSCxWR4NoWBpQjBvpNXaL2CXHX1i8Sk8F0i7+fOny2eq0e68aY8cRvd1ojDxr09Syg==
X-Google-Smtp-Source: AGHT+IHA5ubzPU6sQgLTCXgtMigNBfH9G9HFu34fUQH/g/8ENrujc3M3oEs0i4/OudasosCsmJK0
X-Received: by 2002:a2e:6101:0:b0:2e0:c689:f8cd with SMTP id 38308e7fff4ca-2e51ff6013emr223937821fa.29.1716300030097;
        Tue, 21 May 2024 07:00:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1716300030; cv=none;
        d=google.com; s=arc-20160816;
        b=uQ7chZJxzL1A57sWNy+8ggGJMYciIBEZv0lRrjLJuBxK4zEYtpuaJTqwwHEW6yAWmb
         w73WO8wsZDXt7luuHMY77n27vUO3Nwy4ld8uo3ZsZ4yIs7GWW1JwCihfCjATDPOBl7Z9
         zAGfVb9WENq6l0mMPIUimH3n5WjMuL0S5JuSsV8YA4hy6qw17OhaV58/2uIUyAUH6W61
         iplfABp/GttwOK8E/bUIUL7XxUnqwJWBLNDFEU39AaXlVsjR/Jy3dKxYkHv+iDd/26gU
         x1iIhz7WtsguVMCWGCd4yA3zhPigpIfOlHPZiQYjmdqDhSKFklkRzAwiU4JgxiJFcJnm
         RbGw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=subject:mime-version:references:cc:to:from:message-id:date
         :dkim-signature:delivered-to:delivered-to:reply-to:list-id
         :list-subscribe:list-unsubscribe:list-help:list-post:precedence
         :mailing-list;
        bh=dB9JxqeO5fuEwYudquxNABQH5Xmm/zYBu2Fz8Wq5kZo=;
        fh=pCwmHcR1cXcgE+tNC2X2rUbiY0I24iPjvGdyN7QL6Qw=;
        b=qcI6i14cp029//sZRe45dTRVnn9sbpmeDI84kBXpRN8iiKLCQ81IlyPrdQxd7Ab40k
         1CXOO0VStos3di3eY593GKQH01iAgTnJozJspeMeCXXwZx3kx/EYCv2NeRSmK7o3ByMx
         qH+TZN6hYcoAgeZWYXj6Av9EZIGhPTq1ix+aPYyFyL2VnT2Ss9Db3r/rpSL/TberhvNd
         ldI5nZx+8ZYUQo+pUJKJG0uL5JDGRFZTJlDoLrJJIC97trdUB2MZ9JAh7ULl9W+cukiW
         nuCtS1AEFCAw8/lj/6LeV2oZsXuLN//e5uTcmUL86RWYHyU6FD7wNDRZIiqvzAdMaxGf
         6ERg==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@igalia.com header.s=20170329 header.b="JWSIGL/X";
       spf=pass (google.com: domain of oss-security-return-30158-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) smtp.mailfrom="oss-security-return-30158-linux.lists.archive=gmail.com@lists.openwall.com"
Return-Path: <oss-security-return-30158-linux.lists.archive=gmail.com@lists.openwall.com>
Received: from second.openwall.net (second.openwall.net. [193.110.157.125])
        by mx.google.com with SMTP id 4fb4d7f45d1cf-5782567d01fsi497704a12.509.2024.05.21.07.00.28
        for <linux.lists.archive@gmail.com>;
        Tue, 21 May 2024 07:00:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of oss-security-return-30158-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) client-ip=193.110.157.125;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@igalia.com header.s=20170329 header.b="JWSIGL/X";
       spf=pass (google.com: domain of oss-security-return-30158-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) smtp.mailfrom="oss-security-return-30158-linux.lists.archive=gmail.com@lists.openwall.com"
Received: (qmail 13521 invoked by uid 550); 21 May 2024 14:00:03 -0000
Mailing-List: contact oss-security-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:oss-security@lists.openwall.com>
List-Help: <mailto:oss-security-help@lists.openwall.com>
List-Unsubscribe: <mailto:oss-security-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:oss-security-subscribe@lists.openwall.com>
List-ID: <oss-security.lists.openwall.com>
Reply-To: oss-security@lists.openwall.com
Delivered-To: mailing list oss-security@lists.openwall.com
Delivered-To: moderator for oss-security@lists.openwall.com
Received: (qmail 7476 invoked from network); 21 May 2024 13:56:24 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=igalia.com;
	s=20170329; h=Content-Type:MIME-Version:References:Subject:Cc:To:From:
	Message-ID:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:In-Reply-To:List-Id:List-Help:List-Unsubscribe:
	List-Subscribe:List-Post:List-Owner:List-Archive;
	bh=cX1lt0Mrr49SC4lhODYL1+E2pzX58bw804mDhSawj7o=; b=JWSIGL/XSU11jT4ZI1zM8T0eKC
	XGfmIPSXb8YtPDN/f8OKX3QIAHhUuLu1lkUKEVW81pzhM5R7c+lqtNwhXCFWeQAe4TVyOpteejsmW
	s3i1kwQ49Zh2v/q1KeJR/QUNLAXhG+gpPn4toCAJ/xeHj0IK/yShEZ7LqH2fG+KI0jbdZx+1AoRlF
	YhFgkOVh+gLnY/FCNSG1atjrVURl8McY1dRoDbwPp3olgDIh7r6YRAVmyaDaiwnTqiLkhqunfAtuE
	cdridf+yh5/4p4EL4fNFuyWYLnzhju4NA689cu9aC3v9NF4ovfSS602cTQdCBi7M2XL7JqhBz8Eg3
	pwRWzhLw==;
Date: Tue, 21 May 2024 16:56:12 +0300
Message-ID: <20240521165612.GD613527@igalia.com>
From: Adrian Perez de Castro <aperez@igalia.com>
To: webkit-gtk@lists.webkit.org, webkit-wpe@lists.webkit.org
Cc: security@webkit.org, oss-security@lists.openwall.com
References:
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Fjc+e9so8vfBbiBq"; micalg="pgp-ripemd160"; protocol="application/pgp-signature"
Subject: [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2024-0003

--Fjc+e9so8vfBbiBq
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: base64

LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tCldlYktpdEdUSyBhbmQgV1BFIFdlYktpdCBTZWN1cml0eSBBZHZpc29y
eSAgICAgICAgICAgICAgICAgV1NBLTIwMjQtMDAwMwotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KCkRhdGUgcmVw
b3J0ZWQgICAgICAgICAgIDogTWF5IDIxLCAyMDI0CkFkdmlzb3J5IElEICAgICAgICAgICAgIDog
V1NBLTIwMjQtMDAwMwpXZWJLaXRHVEsgQWR2aXNvcnkgVVJMICA6IGh0dHBzOi8vd2Via2l0Z3Rr
Lm9yZy9zZWN1cml0eS9XU0EtMjAyNC0wMDAzLmh0bWwKV1BFIFdlYktpdCBBZHZpc29yeSBVUkwg
OiBodHRwczovL3dwZXdlYmtpdC5vcmcvc2VjdXJpdHkvV1NBLTIwMjQtMDAwMy5odG1sCkNWRSBp
ZGVudGlmaWVycyAgICAgICAgIDogQ1ZFLTIwMjQtMjc4MzQuCgpTZXZlcmFsIHZ1bG5lcmFiaWxp
dGllcyB3ZXJlIGRpc2NvdmVyZWQgaW4gV2ViS2l0R1RLIGFuZCBXUEUgV2ViS2l0LgoKQ1ZFLTIw
MjQtMjc4MzQKICAgIFZlcnNpb25zIGFmZmVjdGVkOiBXZWJLaXRHVEsgYW5kIFdQRSBXZWJLaXQg
YmVmb3JlIDIuNDQuMi4KICAgIE1hbmZyZWQgUGF1bCB3b3JraW5nIHdpdGggVHJlbmQgTWljcm8n
cyBaZXJvIERheSBJbml0aWF0aXZlLgogICAgSW1wYWN0OiBBbiBhdHRhY2tlciB3aXRoIGFyYml0
cmFyeSByZWFkIGFuZCB3cml0ZSBjYXBhYmlsaXR5IG1heSBiZQogICAgYWJsZSB0byBieXBhc3Mg
UG9pbnRlciBBdXRoZW50aWNhdGlvbi4gRGVzY3JpcHRpb246IFRoZSBpc3N1ZSB3YXMKICAgIGFk
ZHJlc3NlZCB3aXRoIGltcHJvdmVkIGNoZWNrcy4KICAgIFdlYktpdCBCdWd6aWxsYTogMjcyNzUw
CgpXZSByZWNvbW1lbmQgdXBkYXRpbmcgdG8gdGhlIGxhdGVzdCBzdGFibGUgdmVyc2lvbnMgb2Yg
V2ViS2l0R1RLIGFuZCBXUEUKV2ViS2l0LiBJdCBpcyB0aGUgYmVzdCB3YXkgdG8gZW5zdXJlIHRo
YXQgeW91IGFyZSBydW5uaW5nIHNhZmUgdmVyc2lvbnMKb2YgV2ViS2l0LiBQbGVhc2UgY2hlY2sg
b3VyIHdlYnNpdGVzIGZvciBpbmZvcm1hdGlvbiBhYm91dCB0aGUgbGF0ZXN0CnN0YWJsZSByZWxl
YXNlcy4KCkZ1cnRoZXIgaW5mb3JtYXRpb24gYWJvdXQgV2ViS2l0R1RLIGFuZCBXUEUgV2ViS2l0
IHNlY3VyaXR5IGFkdmlzb3JpZXMKY2FuIGJlIGZvdW5kIGF0OiBodHRwczovL3dlYmtpdGd0ay5v
cmcvc2VjdXJpdHkuaHRtbCBvcgpodHRwczovL3dwZXdlYmtpdC5vcmcvc2VjdXJpdHkuCgpUaGUg
V2ViS2l0R1RLIGFuZCBXUEUgV2ViS2l0IHRlYW0sCg==

--Fjc+e9so8vfBbiBq
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABEDAB0WIQRao7wzT9fjNp58d7KRxVnb5MkSOwUCZkyn/AAKCRCRxVnb5MkS
OwAfAJ4mTGng8T1r74qZwPjxevL+HPwCdwCfZSusqfqYNky+n3lMm3NWNkEF2+4=
=+ORo
-----END PGP SIGNATURE-----

--Fjc+e9so8vfBbiBq--