webkitgtk 2.24.2 (CVE-2019-8595 CVE-2019-8607 CVE-2019-8615)
New point version
What's new in the WebKitGTK 2.24.2 release?
===========================================
- Fix rendering of emojis copy-pasted from GTK emoji chooser.
- Fix space characters not being rendered with some CJK fonts.
- Fix adaptive streaming playback with older GStreamer versions.
- Set a maximum zoom level for pinch zooming gesture.
- Fix navigation gesture to not interfere with scrolling.
- Fix SSE2 detection at compile time, ensuring the right flags are passed to the compiler.
- Fix several crashes and rendering issues.
- Translation updates: Danish, Spanish, Ukrainian.
- Security fixes: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615.
| Owner: |
changed from blfs-book to Douglas R. Reno
|
| Status: |
new → assigned
|
| Summary: |
WebKitGTK+-2.24.2 (CVE-2019-8595 CVE-2019-8607 CVE-2019-8615) → webkitgtk 2.24.2 (CVE-2019-8595 CVE-2019-8607 CVE-2019-8615)
|
| Resolution: |
→ fixed
|
| Status: |
assigned → closed
|
CVE-2019-8595 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.CVE-2019-8607 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to Junho Jang and Hanul Choi of LINE Security Team. Processing maliciously crafted web content may result in the disclosure of process memory. An out-of-bounds read was addressed with improved input validation.CVE-2019-8615 Versions affected: WebKitGTK and WPE WebKit before 2.24.2. Credit to G. Geshev from MWR Labs working with Trend Micro’s Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.