[webkit-gtk] Fix CVE-2023-32435 for webkitgtk 2.38.6

不会弹吉他的KK kai.7.kang at gmail.com
Wed Sep 6 01:23:17 PDT 2023

Hi All,
CVE-2023-32435 has been fixed in webkitgtk 2.40.0. According to
https://bugs.webkit.org/show_bug.cgi?id=251890, the commit is at
It patches 3 files, but 2 of them are created/added in 2.40.0 and do NOT
exist in 2.38.6:
* Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp
* Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h

My question is
1. Does webkitgtk 2.38.6 is vulnerable to CVE-2023-32435?
2. If YES, how to deal the patches with the 2 new files? If just ignore and
only patch file Source/JavaScriptCore/wasm/WasmSectionParser.cpp,
could CVE-2023-32435 be fixed for 2.38.6, please?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-gtk/attachments/20230906/573d61d0/attachment.htm>

More information about the webkit-gtk mailing list