-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4528-1 [email protected]
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
April 11, 2026 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : webkit2gtk
Version : 2.50.6-1~deb11u1
CVE ID : CVE-2025-43214 CVE-2025-43457 CVE-2025-43511 CVE-2026-20608
CVE-2026-20635 CVE-2026-20636 CVE-2026-20644 CVE-2026-20652
CVE-2026-20676
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2025-43214
shandikri discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2025-43457
Gary Kwong and Hossein Lotfi discovered that processing
maliciously crafted web content may lead to an unexpected process
crash.
CVE-2025-43511
Lee Dong Ha discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2026-20608
HanQing and Nan Wang discovered that processing maliciously
crafted web content may lead to an unexpected process crash.
CVE-2026-20635
EntryHi discovered that processing maliciously crafted web content
may lead to an unexpected process crash.
CVE-2026-20636
EntryHi discovered that processing maliciously crafted web content
may lead to an unexpected process crash.
CVE-2026-20644
HanQing and Nan Wang discovered that processing maliciously
crafted web content may lead to an unexpected process crash.
CVE-2026-20652
Nathaniel Oh discovered that a remote attacker may be able to
cause a denial-of-service.
CVE-2026-20676
Tom Van Goethem discovered that a website may be able to track
users through web extensions.
For Debian 11 bullseye, these problems have been fixed in version
2.50.6-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmnaLisACgkQnUbEiOQ2
gwLy5g//cFLRq03IT5fQWDCWjQUXEYZRXP+phu+kow7pf0Mh0kmrHpB7+DfSDazq
js00mRMZQde98xXxwQae+SuvUU+Hq56vuEDVuza3sA3b/X3QnxSfvPSbRmBo+RjW
nGJrxdk7MSlwanJBX3B7BNL6v5qWbHxV8fmrmf4qcZ4A3l8OLXesaaUxzbu3nJY8
uqRjUuum3U9ISNAzbQ1IvQ9SlsFI1NzWo7xs14No0pWESVF7nDvzclr+fKU15TKx
QpC+yKIyOb7vO8/dnEMYbURq+/P/UjFTUjOYUrdA9XCq9I/U2rQjDCkm5DlzDjLO
47cYgTwTFt/002nR7b/K3mV9pVO6cG9E5InRgioq++io+ZRcTjM+wxNkxvBatN5I
ijM9d5fh3fvCEwujQ0jm27UjQQUt9vraABBhZX8K8rSr9fb/65ZNdlmZItzjKSui
+Fc8MNJIVCFwxe1JJ4vVU95ozPJH1NdZ8EvEuolPEcbeOVSJ84sYr/Hmkxk7V3Xu
X3X4pcm87ddKPWuJ+aae8C9DOIcHdOPFiBN5rKf1gzyqwDOvnuPNrmNTn/BBxLoS
l4igLDlQNaW6GgstxFwHM1GfenrnQVhk3L14XDKzkmdYm1S8AfpjQR7EWqfBk/UN
lvB8wLNxqrET48jAvuDl/kvLoBzLD+c2gzF8kSXiCF5vgjoQScc=
=DKAE
-----END PGP SIGNATURE-----
