PublicDateAtUSN: 2017-02-16
Candidate: CVE-2017-2355
PublicDate: 2017-02-20 08:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2355
 https://webkitgtk.org/security/WSA-2017-0002.html
 https://ubuntu.com/security/notices/USN-3200-1
Description:
 An issue was discovered in certain Apple products. iOS before 10.2.1 is
 affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is
 affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is
 affected. The issue involves the "WebKit" component. It allows remote
 attackers to execute arbitrary code or cause a denial of service
 (uninitialized memory access and application crash) via a crafted web site.
Ubuntu-Description:
Notes:
 jdstrand> webkit receives limited support. For details, see
  https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit
 jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_webkit:
upstream_webkit: needs-triage
precise_webkit: ignored (see notes)
trusty_webkit: DNE
trusty/esm_webkit: DNE
vivid/ubuntu-core_webkit: DNE
vivid/stable-phone-overlay_webkit: DNE
xenial_webkit: DNE
yakkety_webkit: DNE
devel_webkit: DNE

Patches_webkitgtk:
upstream_webkitgtk: needs-triage
precise_webkitgtk: DNE
trusty_webkitgtk: ignored (no update available)
trusty/esm_webkitgtk: DNE (trusty was ignored [no update available])
vivid/ubuntu-core_webkitgtk: DNE
vivid/stable-phone-overlay_webkitgtk: DNE
xenial_webkitgtk: ignored (no update available)
yakkety_webkitgtk: ignored (no update available)
devel_webkitgtk: ignored (no update available)

Patches_webkit2gtk:
upstream_webkit2gtk: released (2.14.4)
precise_webkit2gtk: DNE
trusty_webkit2gtk: DNE
trusty/esm_webkit2gtk: DNE
vivid/ubuntu-core_webkit2gtk: DNE
vivid/stable-phone-overlay_webkit2gtk: DNE
xenial_webkit2gtk: released (2.14.5-0ubuntu0.16.04.1)
esm-infra/xenial_webkit2gtk: released (2.14.5-0ubuntu0.16.04.1)
yakkety_webkit2gtk: released (2.14.5-0ubuntu0.16.10.1)
devel_webkit2gtk: not-affected (2.15.4-1ubuntu2)

Patches_qtwebkit-source:
upstream_qtwebkit-source: needs-triage
precise_qtwebkit-source: ignored (see notes)
trusty_qtwebkit-source: ignored (no update available)
trusty/esm_qtwebkit-source: DNE (trusty was ignored [no update available])
vivid/ubuntu-core_qtwebkit-source: DNE
vivid/stable-phone-overlay_qtwebkit-source: DNE
xenial_qtwebkit-source: ignored (no update available)
yakkety_qtwebkit-source: ignored (no update available)
devel_qtwebkit-source: ignored (no update available)

Patches_qtwebkit-opensource-src:
upstream_qtwebkit-opensource-src: needs-triage
precise_qtwebkit-opensource-src: DNE
trusty_qtwebkit-opensource-src: ignored (no update available)
trusty/esm_qtwebkit-opensource-src: DNE (trusty was ignored [no update available])
vivid/ubuntu-core_qtwebkit-opensource-src: DNE
vivid/stable-phone-overlay_qtwebkit-opensource-src: DNE
xenial_qtwebkit-opensource-src: ignored (no update available)
esm-infra/xenial_qtwebkit-opensource-src: ignored (no update available)
yakkety_qtwebkit-opensource-src: ignored (no update available)
devel_qtwebkit-opensource-src: ignored (no update available)