File _patchinfo of Package patchinfo.6148

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.6148

<patchinfo incident="6148">
  <issue id="1020950" tracker="bnc">VUL-0: webkit2gtk3,webkitgtk,webkitgtk3: WebKitGTK+ Security Advisory WSA-2017-0001</issue>
  <issue id="1024749" tracker="bnc">VUL-0: CVE-2017-2350: webkitgtk: Multiple vulnerabilities before version 2.4.14 [WSA-2017-0002]</issue>
  <issue id="1050469" tracker="bnc">VUL-0: libqt5-qtwebkit, libQtWebKit4, webkitgtk3, webkitgtk, webkit2gtk3: WebKitGTK+ Security Advisory WSA-2017-0006</issue>
  <issue id="1066892" tracker="bnc">VUL-0: webkit2gtk3: multiple security issues fixed</issue>
  <issue id="1069925" tracker="bnc">VUL-0: webkit2gtk3: version 2.18.3 released</issue>
  <issue id="1073654" tracker="bnc">VUL-0: CVE-2017-13856,CVE-2017-7157,CVE-2017-13856,CVE-2017-13866,CVE-2017-13870: libqt5-qtwebkit,webkit2gtk3,webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution</issue>
  <issue id="1075419" tracker="bnc">VUL-0: webkitgtk: speculative side channel attacks on various CPU platforms aka "SpectreAttack" and "MeltdownAttack"</issue>
  <issue id="2016-4692" tracker="cve" />
  <issue id="2016-4743" tracker="cve" />
  <issue id="2016-7586" tracker="cve" />
  <issue id="2016-7587" tracker="cve" />
  <issue id="2016-7589" tracker="cve" />
  <issue id="2016-7592" tracker="cve" />
  <issue id="2016-7598" tracker="cve" />
  <issue id="2016-7599" tracker="cve" />
  <issue id="2016-7610" tracker="cve" />
  <issue id="2016-7623" tracker="cve" />
  <issue id="2016-7632" tracker="cve" />
  <issue id="2016-7635" tracker="cve" />
  <issue id="2016-7639" tracker="cve" />
  <issue id="2016-7641" tracker="cve" />
  <issue id="2016-7645" tracker="cve" />
  <issue id="2016-7652" tracker="cve" />
  <issue id="2016-7654" tracker="cve" />
  <issue id="2016-7656" tracker="cve" />
  <issue id="2017-13788" tracker="cve" />
  <issue id="2017-13788" tracker="cve" />
  <issue id="2017-13798" tracker="cve" />
  <issue id="2017-13798" tracker="cve" />
  <issue id="2017-13803" tracker="cve" />
  <issue id="2017-13803" tracker="cve" />
  <issue id="2017-13856" tracker="cve" />
  <issue id="2017-13856" tracker="cve" />
  <issue id="2017-13866" tracker="cve" />
  <issue id="2017-13866" tracker="cve" />
  <issue id="2017-13870" tracker="cve" />
  <issue id="2017-13870" tracker="cve" />
  <issue id="2017-2350" tracker="cve" />
  <issue id="2017-2354" tracker="cve" />
  <issue id="2017-2355" tracker="cve" />
  <issue id="2017-2356" tracker="cve" />
  <issue id="2017-2362" tracker="cve" />
  <issue id="2017-2363" tracker="cve" />
  <issue id="2017-2364" tracker="cve" />
  <issue id="2017-2365" tracker="cve" />
  <issue id="2017-2366" tracker="cve" />
  <issue id="2017-2369" tracker="cve" />
  <issue id="2017-2371" tracker="cve" />
  <issue id="2017-2373" tracker="cve" />
  <issue id="2017-2496" tracker="cve" />
  <issue id="2017-2510" tracker="cve" />
  <issue id="2017-2539" tracker="cve" />
  <issue id="2017-5715" tracker="cve" />
  <issue id="2017-5715" tracker="cve" />
  <issue id="2017-5753" tracker="cve" />
  <issue id="2017-5753" tracker="cve" />
  <issue id="2017-5754" tracker="cve" />
  <issue id="2017-7006" tracker="cve" />
  <issue id="2017-7011" tracker="cve" />
  <issue id="2017-7012" tracker="cve" />
  <issue id="2017-7018" tracker="cve" />
  <issue id="2017-7019" tracker="cve" />
  <issue id="2017-7020" tracker="cve" />
  <issue id="2017-7030" tracker="cve" />
  <issue id="2017-7034" tracker="cve" />
  <issue id="2017-7037" tracker="cve" />
  <issue id="2017-7038" tracker="cve" />
  <issue id="2017-7039" tracker="cve" />
  <issue id="2017-7040" tracker="cve" />
  <issue id="2017-7041" tracker="cve" />
  <issue id="2017-7042" tracker="cve" />
  <issue id="2017-7043" tracker="cve" />
  <issue id="2017-7046" tracker="cve" />
  <issue id="2017-7048" tracker="cve" />
  <issue id="2017-7049" tracker="cve" />
  <issue id="2017-7052" tracker="cve" />
  <issue id="2017-7055" tracker="cve" />
  <issue id="2017-7056" tracker="cve" />
  <issue id="2017-7059" tracker="cve" />
  <issue id="2017-7061" tracker="cve" />
  <issue id="2017-7064" tracker="cve" />
  <issue id="2017-7081" tracker="cve" />
  <issue id="2017-7081" tracker="cve" />
  <issue id="2017-7087" tracker="cve" />
  <issue id="2017-7087" tracker="cve" />
  <issue id="2017-7089" tracker="cve" />
  <issue id="2017-7089" tracker="cve" />
  <issue id="2017-7090" tracker="cve" />
  <issue id="2017-7090" tracker="cve" />
  <issue id="2017-7091" tracker="cve" />
  <issue id="2017-7091" tracker="cve" />
  <issue id="2017-7092" tracker="cve" />
  <issue id="2017-7092" tracker="cve" />
  <issue id="2017-7093" tracker="cve" />
  <issue id="2017-7093" tracker="cve" />
  <issue id="2017-7094" tracker="cve" />
  <issue id="2017-7094" tracker="cve" />
  <issue id="2017-7095" tracker="cve" />
  <issue id="2017-7095" tracker="cve" />
  <issue id="2017-7096" tracker="cve" />
  <issue id="2017-7096" tracker="cve" />
  <issue id="2017-7098" tracker="cve" />
  <issue id="2017-7098" tracker="cve" />
  <issue id="2017-7099" tracker="cve" />
  <issue id="2017-7099" tracker="cve" />
  <issue id="2017-7100" tracker="cve" />
  <issue id="2017-7100" tracker="cve" />
  <issue id="2017-7102" tracker="cve" />
  <issue id="2017-7102" tracker="cve" />
  <issue id="2017-7104" tracker="cve" />
  <issue id="2017-7104" tracker="cve" />
  <issue id="2017-7107" tracker="cve" />
  <issue id="2017-7107" tracker="cve" />
  <issue id="2017-7109" tracker="cve" />
  <issue id="2017-7109" tracker="cve" />
  <issue id="2017-7111" tracker="cve" />
  <issue id="2017-7111" tracker="cve" />
  <issue id="2017-7117" tracker="cve" />
  <issue id="2017-7117" tracker="cve" />
  <issue id="2017-7120" tracker="cve" />
  <issue id="2017-7120" tracker="cve" />
  <issue id="2017-7142" tracker="cve" />
  <issue id="2017-7142" tracker="cve" />
  <issue id="2017-7156" tracker="cve" />
  <issue id="2017-7156" tracker="cve" />
  <issue id="2017-7157" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>federico-mena</packager>
  <description>

This update for webkit2gtk3 fixes the following issues:

Update to version 2.18.5:

+ Disable SharedArrayBuffers from Web API.
  + Reduce the precision of "high" resolution time to 1ms.
  + bsc#1075419 - Security fixes: includes improvements to mitigate
    the effects of Spectre and Meltdown (CVE-2017-5753 and CVE-2017-5715).

Update to version 2.18.4:

+ Make WebDriver implementation more spec compliant.
  + Fix a bug when trying to remove cookies before a web process is
    spawned.
  + WebKitWebDriver process no longer links to
    libjavascriptcoregtk.
  + Fix several memory leaks in GStreamer media backend.
  + bsc#1073654 - Security fixes: CVE-2017-13866, CVE-2017-13870,
    CVE-2017-7156, CVE-2017-13856.

Update to version 2.18.3:

+ Improve calculation of font metrics to prevent scrollbars from
    being shown unnecessarily in some cases.
  + Fix handling of null capabilities in WebDriver implementation.
  + Security fixes: CVE-2017-13798, CVE-2017-13788, CVE-2017-13803.

Update to version 2.18.2:

+ Fix rendering of arabic text.
  + Fix a crash in the web process when decoding GIF images.
  + Fix rendering of wind in Windy.com.
  + Fix several crashes and rendering issues.

Update to version 2.18.1:

+ Improve performance of GIF animations.
  + Fix garbled display in GMail.
  + Fix rendering of several material design icons when using the
    web font.
  + Fix flickering when resizing the window in Wayland.
  + Prevent default kerberos authentication credentials from being
    used in ephemeral sessions.
  + Fix a crash when webkit_web_resource_get_data() is cancelled.
  + Correctly handle touchmove and touchend events in
    WebKitWebView.
  + Fix the build with enchant 2.1.1.
  + Fix the build in HPPA and Alpha.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2017-7081, CVE-2017-7087, CVE-2017-7089,
    CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093,
    CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098,
    CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104,
    CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117,
    CVE-2017-7120, CVE-2017-7142.

- Enable gold linker on s390/s390x on SLE15/Tumbleweed.
</description>
  <summary>Security update for webkit2gtk3</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.6148

Places