Candidate: CVE-2016-7587
PublicDate: 2017-02-20 08:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7587
 https://support.apple.com/en-us/HT207421
 https://webkitgtk.org/security/WSA-2017-0001.html
Description:
 An issue was discovered in certain Apple products. iOS before 10.2 is
 affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected.
 iTunes before 12.5.4 is affected. The issue involves the "WebKit"
 component. It allows remote attackers to execute arbitrary code or cause a
 denial of service (memory corruption and application crash) via a crafted
 web site.
Ubuntu-Description:
Notes:
 jdstrand> webkit receives limited support. For details, see
  https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit
 jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
Bugs:
Priority: medium
Discovered-by: Adam Klein
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_webkit:
upstream_webkit: needs-triage
precise_webkit: ignored (see notes)
trusty_webkit: DNE
trusty/esm_webkit: DNE
vivid/ubuntu-core_webkit: DNE
vivid/stable-phone-overlay_webkit: DNE
xenial_webkit: DNE
yakkety_webkit: DNE
devel_webkit: DNE

Patches_webkitgtk:
upstream_webkitgtk: needs-triage
precise_webkitgtk: DNE
trusty_webkitgtk: ignored (no update available)
trusty/esm_webkitgtk: DNE (trusty was ignored [no update available])
vivid/ubuntu-core_webkitgtk: DNE
vivid/stable-phone-overlay_webkitgtk: DNE
xenial_webkitgtk: ignored (no update available)
yakkety_webkitgtk: ignored (no update available)
devel_webkitgtk: ignored (no update available)

Patches_webkit2gtk:
upstream_webkit2gtk: released (2.14.0)
precise_webkit2gtk: DNE
trusty_webkit2gtk: DNE
trusty/esm_webkit2gtk: DNE
vivid/ubuntu-core_webkit2gtk: DNE
vivid/stable-phone-overlay_webkit2gtk: DNE
xenial_webkit2gtk: not-affected (2.14.2-0ubuntu0.16.04.1)
esm-infra/xenial_webkit2gtk: not-affected (2.14.2-0ubuntu0.16.04.1)
yakkety_webkit2gtk: not-affected (2.14.2-0ubuntu1)
devel_webkit2gtk: not-affected (2.14.3-1)

Patches_qtwebkit-source:
upstream_qtwebkit-source: needs-triage
precise_qtwebkit-source: ignored (see notes)
trusty_qtwebkit-source: ignored (no update available)
trusty/esm_qtwebkit-source: DNE (trusty was ignored [no update available])
vivid/ubuntu-core_qtwebkit-source: DNE
vivid/stable-phone-overlay_qtwebkit-source: DNE
xenial_qtwebkit-source: ignored (no update available)
yakkety_qtwebkit-source: ignored (no update available)
devel_qtwebkit-source: ignored (no update available)

Patches_qtwebkit-opensource-src:
upstream_qtwebkit-opensource-src: needs-triage
precise_qtwebkit-opensource-src: DNE
trusty_qtwebkit-opensource-src: ignored (no update available)
trusty/esm_qtwebkit-opensource-src: DNE (trusty was ignored [no update available])
vivid/ubuntu-core_qtwebkit-opensource-src: DNE
vivid/stable-phone-overlay_qtwebkit-opensource-src: DNE
xenial_qtwebkit-opensource-src: ignored (no update available)
esm-infra/xenial_qtwebkit-opensource-src: ignored (no update available)
yakkety_qtwebkit-opensource-src: ignored (no update available)
devel_qtwebkit-opensource-src: ignored (no update available)