Candidate: CVE-2016-4763
PublicDate: 2016-09-25 10:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4763
 http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html
 http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
 http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html
 https://support.apple.com/HT207143
 https://support.apple.com/HT207157
 https://support.apple.com/HT207158
Description:
 WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Ubuntu-Description:
Notes:
 jdstrand> webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit
 jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N [6.8 MEDIUM]

Patches_webkit:
upstream_webkit: needs-triage
precise_webkit: ignored (see notes)
trusty_webkit: DNE
trusty/esm_webkit: DNE
vivid/ubuntu-core_webkit: DNE
vivid/stable-phone-overlay_webkit: DNE
xenial_webkit: DNE
yakkety_webkit: DNE
devel_webkit: DNE

Patches_webkitgtk:
upstream_webkitgtk: needs-triage
precise_webkitgtk: DNE
trusty_webkitgtk: ignored (no update available)
trusty/esm_webkitgtk: DNE (trusty was ignored [no update available])
vivid/ubuntu-core_webkitgtk: DNE
vivid/stable-phone-overlay_webkitgtk: DNE
xenial_webkitgtk: ignored (no update available)
yakkety_webkitgtk: ignored (no update available)
devel_webkitgtk: ignored (no update available)

Patches_webkit2gtk:
upstream_webkit2gtk: released (2.14.0)
precise_webkit2gtk: DNE
trusty_webkit2gtk: DNE
trusty/esm_webkit2gtk: DNE
vivid/ubuntu-core_webkit2gtk: DNE
vivid/stable-phone-overlay_webkit2gtk: DNE
xenial_webkit2gtk: not-affected
esm-infra/xenial_webkit2gtk: not-affected
yakkety_webkit2gtk: not-affected
devel_webkit2gtk: not-affected

Patches_qtwebkit-source:
upstream_qtwebkit-source: needs-triage
precise_qtwebkit-source: ignored (see notes)
trusty_qtwebkit-source: ignored (no update available)
trusty/esm_qtwebkit-source: DNE (trusty was ignored [no update available])
vivid/ubuntu-core_qtwebkit-source: DNE
vivid/stable-phone-overlay_qtwebkit-source: DNE
xenial_qtwebkit-source: ignored (no update available)
yakkety_qtwebkit-source: ignored (no update available)
devel_qtwebkit-source: ignored (no update available)

Patches_qtwebkit-opensource-src:
upstream_qtwebkit-opensource-src: needs-triage
precise_qtwebkit-opensource-src: DNE
trusty_qtwebkit-opensource-src: ignored (no update available)
trusty/esm_qtwebkit-opensource-src: DNE (trusty was ignored [no update available])
vivid/ubuntu-core_qtwebkit-opensource-src: DNE
vivid/stable-phone-overlay_qtwebkit-opensource-src: DNE
xenial_qtwebkit-opensource-src: ignored (no update available)
esm-infra/xenial_qtwebkit-opensource-src: ignored (no update available)
yakkety_qtwebkit-opensource-src: ignored (no update available)
devel_qtwebkit-opensource-src: ignored (no update available)