webkitgtk-2.24.1 (CVE-2019-6251)
New point versions
What's new in the WebKitGTK 2.24.1 release?
===========================================
- Do not allow changes in active URI before provisional load starts for non-API requests.
- Stop the threaded compositor when the page is not visible or layer tree state is frozen.
- Use WebKit HTTP source element again for adaptive streaming fragments downloading.
- Properly handle empty resources in webkit_web_resource_get_data().
- Add quirk to ensure outlook.live.com uses the modern UI.
- Fix methods returing GObject or boxed types in JavaScriptCore GLib API.
- Ensure callback data is passed to functions and constructors with no parameters in JavaScriptCore GLib API.
- Fix rendering of complex text when the font uses x,y origins.
- Fix sound loop with Google Hangouts and WhatsApp notifications.
- Fix the build with GStreamer 1.12.5 and GST GL enabled.
- Detect SSE2 at compile time.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2019-6251.
Change History
(5)
| Owner: |
changed from blfs-book to Douglas R. Reno
|
| Status: |
new → assigned
|
| Resolution: |
→ fixed
|
| Status: |
assigned → closed
|
CVE-2019-11070 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Igalia. WebKitGTK and WPE WebKit failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.CVE-2019-6251 Versions affected: WebKitGTK and WPE WebKit before 2.24.1. Credit to Dhiraj. Processing maliciously crafted web content may lead to spoofing. WebKitGTK and WPE WebKit were vulnerable to a URI spoofing attack similar to the CVE-2018-8383 issue in Microsoft Edge.