Opened 5 years ago
Closed 5 years ago
#12448 closed enhancement (fixed)
webkitgtk-2.24.4
Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | high | Milestone: | 9.0 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (7)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
Why there is always a new webkitgtk release just after I built it? :(
I'll try and see if this release can fix the issue playing videos on Bilibili.
comment:3 by , 5 years ago
Heads up, this has several security fixes in it. Fixes include patches for CVE IDs CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, and CVE-2019-8688. All of these have between a 6.1 and 6.3 CVSSv3 Score as well.
CVE-2019-8644
CVE-2019-8644 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to G. Geshev working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-8649
CVE-2019-8649 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Sergei Glazunov of Google Project Zero. Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management.
CVE-2019-8658
CVE-2019-8658 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to akayn working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue was addressed with improved state management.
CVE-2019-8669
CVE-2019-8669 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to akayn working with Trend Micro's Zero Day Initiative. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-8678
CVE-2019-8678 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to an anonymous researcher, Anthony Lai (@darkfloyd1014) of Knownsec, Ken Wong (@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a) of Theori, Johnny Yu (@straight_blast) of VX Browser Exploitation Group, Chris Chan (@dr4g0nfl4me) of VX Browser Exploitation Group, Phil Mok (@shadyhamsters) of VX Browser Exploitation Group, Alan Ho (@alan_h0) of Knownsec, Byron Wai of VX Browser Exploitation. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-8680
CVE-2019-8680 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Jihui Lu of Tencent KeenLab. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-8683
CVE-2019-8683 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-8684
CVE-2019-8684 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to lokihardt of Google Project Zero. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
CVE-2019-8688
CVE-2019-8688 Versions affected: WebKitGTK before 2.24.4 and WPE WebKit before 2.24.3. Credit to Insu Yun of SSLab at Georgia Tech. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling.
comment:4 by , 5 years ago
Priority: | normal → high |
---|
comment:5 by , 5 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
Note:
See TracTickets
for help on using tickets.
I'd like to consider backporting this to 9.0. Here are the release notes:
The Python3 fix, rounding artifacts, and hang fixes are extremely important