Opened 7 years ago
Closed 7 years ago
#9384 closed enhancement (fixed)
webkitgtk-2.16.4
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | 8.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Wonderful.</sarcasm> Another point version.
Change History (4)
comment:1 by , 7 years ago
comment:2 by , 7 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 7 years ago
WebKitGTK+ 2.16.4
- Fix web process deadlock when seeking youtube videos.
- Fix blob downloads.
- Improve theme rendering performance when using GTK+ >= 3.20.
- Fix positioning of popup menus in Wayland.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2017-2538.
Note:
See TracTickets
for help on using tickets.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2017-2538 Versions affected: WebKitGTK+ before 2.16.4. Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-2424 Versions affected: WebKitGTK+ before 2.16.0. Credit to Paul Thomson (using the GLFuzz tool) of the Multicore Programming Group, Imperial College London. Impact: Processing maliciously crafted web content may result in the disclosure of process memory. Description: An information disclosure issue existed in the processing of OpenGL shaders. This issue was addressed through improved memory management.