[webkit-gtk] Fix CVE-2023-32435 for webkitgtk 2.38.6

Michael Catanzaro mcatanzaro at redhat.com
Wed Sep 6 06:45:50 PDT 2023

On Wed, Sep 6 2023 at 04:23:17 PM +0800, 不会弹吉他的KK 
<kai.7.kang at gmail.com> wrote:
> My question is
> 1. Does webkitgtk 2.38.6 is vulnerable to CVE-2023-32435?

No clue, sorry.

> 2. If YES, how to deal the patches with the 2 new files? If just 
> ignore and only patch file 
> Source/JavaScriptCore/wasm/WasmSectionParser.cpp, could 
> CVE-2023-32435 be fixed for 2.38.6, please?

Patching just that one file is what I would do if tasked with 
backporting this fix. That said, keep in mind that only 10-20% of our 
security vulnerabilities receive CVEs, so just patching CVEs is not 
sufficient to provide a secure version of WebKitGTK. The 2.38 branch is 
no longer secure and you should try upgrading to 2.42. (I would skip 
2.40 at this point, since that branch will end next week when 2.42.0 is 


More information about the webkit-gtk mailing list