PublicDateAtUSN: 2020-04-28
Candidate: CVE-2020-3899
PublicDate: 2020-04-01 18:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3899
 https://webkitgtk.org/security/WSA-2020-0005.html
 https://ubuntu.com/security/notices/USN-4347-1
Description:
 A memory consumption issue was addressed with improved memory handling.
 This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2,
 Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud
 for Windows 7.18. A remote attacker may be able to cause arbitrary code
 execution.
Ubuntu-Description: 
Notes:
 jdstrand> webkit receives limited support. For details, see
  https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit
 jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
Mitigation: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_webkitgtk:
upstream_webkitgtk: needs-triage
precise/esm_webkitgtk: DNE
trusty_webkitgtk: ignored (out of standard support)
trusty/esm_webkitgtk: DNE
xenial_webkitgtk: ignored (end of standard support, was needs-triage)
bionic_webkitgtk: needs-triage
eoan_webkitgtk: DNE
focal_webkitgtk: DNE
groovy_webkitgtk: DNE
hirsute_webkitgtk: DNE
impish_webkitgtk: DNE
jammy_webkitgtk: DNE
devel_webkitgtk: DNE

Patches_webkit2gtk:
upstream_webkit2gtk: released (2.28.2)
precise/esm_webkit2gtk: DNE
trusty_webkit2gtk: DNE
trusty/esm_webkit2gtk: DNE
xenial_webkit2gtk: ignored (end of standard support, was deferred)
esm-infra/xenial_webkit2gtk: deferred
bionic_webkit2gtk: released (2.28.2-0ubuntu0.18.04.1)
eoan_webkit2gtk: released (2.28.2-0ubuntu0.19.10.1)
focal_webkit2gtk: released (2.28.2-0ubuntu0.20.04.1)
groovy_webkit2gtk: released (2.28.2-2)
hirsute_webkit2gtk: released (2.28.2-2)
impish_webkit2gtk: released (2.28.2-2)
jammy_webkit2gtk: released (2.28.2-2)
devel_webkit2gtk: released (2.28.2-2)

Patches_qtwebkit-source:
upstream_qtwebkit-source: needs-triage
precise/esm_qtwebkit-source: DNE
trusty_qtwebkit-source: ignored (out of standard support)
trusty/esm_qtwebkit-source: DNE
xenial_qtwebkit-source: ignored (end of standard support, was needs-triage)
bionic_qtwebkit-source: needs-triage
eoan_qtwebkit-source: DNE
focal_qtwebkit-source: DNE
groovy_qtwebkit-source: DNE
hirsute_qtwebkit-source: DNE
impish_qtwebkit-source: DNE
jammy_qtwebkit-source: DNE
devel_qtwebkit-source: DNE

Patches_qtwebkit:
upstream_qtwebkit: needs-triage
precise/esm_qtwebkit: DNE
trusty_qtwebkit: ignored (out of standard support)
trusty/esm_qtwebkit: DNE
xenial_qtwebkit: DNE
bionic_qtwebkit: DNE
eoan_qtwebkit: ignored (reached end-of-life)
focal_qtwebkit: DNE
groovy_qtwebkit: DNE
hirsute_qtwebkit: DNE
impish_qtwebkit: DNE
jammy_qtwebkit: DNE
devel_qtwebkit: DNE

Patches_qtwebkit-opensource-src:
upstream_qtwebkit-opensource-src: needs-triage
precise/esm_qtwebkit-opensource-src: DNE
trusty_qtwebkit-opensource-src: ignored (out of standard support)
trusty/esm_qtwebkit-opensource-src: DNE
xenial_qtwebkit-opensource-src: ignored (end of standard support, was needs-triage)
esm-infra/xenial_qtwebkit-opensource-src: needs-triage
bionic_qtwebkit-opensource-src: needs-triage
eoan_qtwebkit-opensource-src: ignored (reached end-of-life)
focal_qtwebkit-opensource-src: needs-triage
groovy_qtwebkit-opensource-src: ignored (reached end-of-life)
hirsute_qtwebkit-opensource-src: ignored (reached end-of-life)
impish_qtwebkit-opensource-src: needs-triage
jammy_qtwebkit-opensource-src: needs-triage
devel_qtwebkit-opensource-src: needs-triage