Remove CVEs for unsupported features in WSA-2024-0005

Igalia · Sep 25, 2024 · 20a5a47 · 20a5a47
1 parent 8fde241
commit 20a5a47
Showing 1 changed file with 1 addition and 23 deletions.
diff --git a/security/2024-09-25-security-advisory-2024-0005.md b/security/2024-09-25-security-advisory-2024-0005.md
@@ -9,7 +9,7 @@ tags: WSA
 
 * Advisory ID: **WSA-2024-0005**
 
-* CVE identifiers: [CVE-2024-23271](#CVE-2024-23271), [CVE-2024-27808](#CVE-2024-27808), [CVE-2024-27820](#CVE-2024-27820), [CVE-2024-27830](#CVE-2024-27830), [CVE-2024-27833](#CVE-2024-27833), [CVE-2024-27838](#CVE-2024-27838), [CVE-2024-27850](#CVE-2024-27850), [CVE-2024-27851](#CVE-2024-27851), [CVE-2024-40857](#CVE-2024-40857), [CVE-2024-40866](#CVE-2024-40866), [CVE-2024-44187](#CVE-2024-44187)
+* CVE identifiers: [CVE-2024-23271](#CVE-2024-23271), [CVE-2024-27808](#CVE-2024-27808), [CVE-2024-27820](#CVE-2024-27820), [CVE-2024-27833](#CVE-2024-27833), [CVE-2024-27838](#CVE-2024-27838), [CVE-2024-27851](#CVE-2024-27851), [CVE-2024-40866](#CVE-2024-40866), [CVE-2024-44187](#CVE-2024-44187)
 
 
 Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
@@ -35,13 +35,6 @@ Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
     issue was addressed with improved memory handling.
   * WebKit Bugzilla: 270139
 
-* <a name='CVE-2024-27830' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27830'>CVE-2024-27830</a>
-  * Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
-  * Credit to Joe Rutkowski (@Joe12387) of Crawless and @abrahamjuliot.
-  * Impact: A maliciously crafted webpage may be able to fingerprint the user.
-    Description: This issue was addressed through improved state management.
-  * WebKit Bugzilla: 271159
-
 * <a name='CVE-2024-27833' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27833'>CVE-2024-27833</a>
   * Versions affected: WebKitGTK and WPE WebKit before 2.44.2.
   * Credit to Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative.
@@ -57,28 +50,13 @@ Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
     Description: The issue was addressed by adding additional logic.
   * WebKit Bugzilla: 262337
 
-* <a name='CVE-2024-27850' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27850'>CVE-2024-27850</a>
-  * Versions affected: WebKitGTK and WPE WebKit before 2.44.2.
-  * Credit to an anonymous researcher.
-  * Impact: A maliciously crafted webpage may be able to fingerprint the user.
-    Description: This issue was addressed with improvements to the noise injection
-    algorithm.
-  * WebKit Bugzilla: 270767
-
 * <a name='CVE-2024-27851' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27851'>CVE-2024-27851</a>
   * Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
   * Credit to Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute.
   * Impact: Processing maliciously crafted web content may lead to arbitrary code
     execution. Description: The issue was addressed with improved bounds checks.
   * WebKit Bugzilla: 272106
 
-* <a name='CVE-2024-40857' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40857'>CVE-2024-40857</a>
-  * Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
-  * Credit to Ron Masas.
-  * Impact: Processing maliciously crafted web content may lead to universal cross site
-    scripting. Description: This issue was addressed through improved state management.
-  * WebKit Bugzilla: 268724
-
 * <a name='CVE-2024-40866' href='https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40866'>CVE-2024-40866</a>
   * Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
   * Credit to Hafiizh and YoKo Kho (@yokoacc) of HakTrak.