Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#12072 closed enhancement (fixed)

webkitgtk 2.24.2 (CVE-2019-8595 CVE-2019-8607 CVE-2019-8615)

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: high
Milestone: 9.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version

What's new in the WebKitGTK 2.24.2 release?
===========================================

  - Fix rendering of emojis copy-pasted from GTK emoji chooser.
  - Fix space characters not being rendered with some CJK fonts.
  - Fix adaptive streaming playback with older GStreamer versions.
  - Set a maximum zoom level for pinch zooming gesture.
  - Fix navigation gesture to not interfere with scrolling.
  - Fix SSE2 detection at compile time, ensuring the right flags are passed to the compiler.
  - Fix several crashes and rendering issues.
  - Translation updates: Danish, Spanish, Ukrainian.
  - Security fixes: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615.

Change History (5)

comment:1 by Douglas R. Reno, 5 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Bruce Dubbs, 5 years ago

Summary: WebKitGTK+-2.24.2 (CVE-2019-8595 CVE-2019-8607 CVE-2019-8615) → webkitgtk 2.24.2 (CVE-2019-8595 CVE-2019-8607 CVE-2019-8615)

comment:3 by Douglas R. Reno, 5 years ago

CVE-2019-8595

    Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
    Credit to G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative.
    Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8607

    Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
    Credit to Junho Jang and Hanul Choi of LINE Security Team.
    Processing maliciously crafted web content may result in the disclosure of process memory. An out-of-bounds read was addressed with improved input validation.

CVE-2019-8615

    Versions affected: WebKitGTK and WPE WebKit before 2.24.2.
    Credit to G. Geshev from MWR Labs working with Trend Micro’s Zero Day Initiative.
    Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.

comment:4 by Douglas R. Reno, 5 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r21702

comment:5 by Bruce Dubbs, 5 years ago

Milestone: 8.5 → 9.0

Milestone renamed
