File _patchinfo of Package patchinfo.33308

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.33308

<patchinfo incident="33308">
  <issue tracker="bnc" id="1222010">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2024-0002</issue>                                          
  <issue tracker="cve" id="2024-23254"/>                                                                                                                          
  <issue tracker="cve" id="2023-42843"/>                                                                                                                          
  <issue tracker="cve" id="2024-23252"/>                                                                                                                          
  <issue tracker="cve" id="2024-23284"/>                                                                                                                          
  <issue tracker="cve" id="2023-42950"/>                                                                                                                          
  <issue tracker="cve" id="2024-23263"/>                                                                                                                          
  <issue tracker="cve" id="2024-23280"/>                                                                                                                          
  <issue tracker="cve" id="2023-42956"/>                                                                                                                          
  <packager>mgorse</packager>                                                                                                                                     
  <rating>important</rating>                                                                                                                                          
  <category>security</category>                                                                                                                                   
  <summary>Security update for webkit2gtk3</summary>                                                                                                              
  <description>This update for webkit2gtk3 fixes the following issues:

- CVE-2024-23252: Fixed denial of service via crafted web content (bsc#1222010).
- CVE-2024-23254: Fixed possible audio data exilftration cross-origin via malicious website (bsc#1222010).
- CVE-2024-23263: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010).
- CVE-2024-23280: Fixed possible user fingeprint via malicious crafted web content (bsc#1222010).
- CVE-2024-23284: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010).
- CVE-2023-42950: Fixed arbitrary code execution via crafted web content (bsc#1222010).
- CVE-2023-42956: Fixed denial of service via crafted web content (bsc#1222010).                                                                   
- CVE-2023-42843: Fixed address bar spoofing via malicious website (bsc#1222010).

Other fixes:

- Update to version 2.44.0 (bsc#1222010):                                                                                                                         
  + Make the DOM accessibility tree reachable from UI process with                                                                     
    GTK4.                                                                        
  + Removed the X11 and WPE renderers in favor of DMA-BUF.
  + Improved vblank synchronization when rendering.       
  + Removed key event reinjection in GTK4 to make keyboard                                                                             
    shortcuts work in web sites.                                                 
  + Fix gamepads detection by correctly handling focused window in                                                                     
    GTK4.                                                                                                                                          
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.33308

Places