Opened 3 years ago

Closed 3 years ago

#11654 closed enhancement (fixed)

webkitgtk-2.22.6 (CVE-2019-6212 CVE-2019-6215)

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: high Milestone: 8.4
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Douglas R. Reno, 3 years ago

Now this one was unexpected... I haven't even gotten the release notes yet.

As soon as I do, I'll plop this in. It's likely a security fix.

comment:2 by Douglas R. Reno, 3 years ago

Owner: changed from blfs-book to Douglas R. Reno
Priority: normalhigh
Status: newassigned
Summary: webkitgtk-2.22.6webkitgtk-2.22.6 (CVE-2019-6212 CVE-2019-6215)

As I should've expected...

comment:3 by Douglas R. Reno, 3 years ago

CVE-2019-6212

    Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before 2.22.4.
    Credit to an anonymous researcher.
    Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-6215

    Versions affected: WebKitGTK+ before 2.22.6 and WPE WebKit before 2.22.4.
    Credit to Lokihardt of Google Project Zero.
    Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved memory handling.


WebKitGTK+ 2.22.6 released!

This is a bug fix release in the stable 2.22 series.
What’s new in the WebKitGTK+ 2.22.6 release?

    Make kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour.
    Fix Web inspector magnifier under Wayland.
    Fix garbled rendering of some websites (e.g. YouTube) while scrolling under X11.
    Fix several crashes, race conditions, and rendering issues.

Thanks to all the contributors who made possible this release.

comment:4 by Douglas R. Reno, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r21111

Note: See TracTickets for help on using tickets.