#16304 closed enhancement (fixed)
webkitgtk-2.36.0
Reported by: | Douglas R. Reno | Owned by: | Bruce Dubbs |
---|---|---|---|
Priority: | elevated | Milestone: | 11.2 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New minor version
Change History (4)
comment:1 by , 3 years ago
comment:2 by , 3 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:3 by , 3 years ago
Description: | modified (diff) |
---|---|
Resolution: | → fixed |
Status: | assigned → closed |
Fixed at commit b1f64a1162ec00f49f3e5024c4fac09926814b96
comment:4 by , 3 years ago
Priority: | normal → elevated |
---|
It looks like this version contained three security fixes. I will file a security advisory shortly.

CVE-2022-22624
Versions affected: WebKitGTK before 2.36.0 and WPE WebKit before 2.34.7
Credit to Kirin (@Pwnrin) of Tencent Security Xuanwu Lab.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A use after free issue was addressed with improved memory management.

CVE-2022-22628
Versions affected: WebKitGTK before 2.36.0 and WPE WebKit before 2.34.7
Credit to Kirin (@Pwnrin) of Tencent Security Xuanwu Lab.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A use after free issue was addressed with improved memory management.

CVE-2022-22629
Versions affected: WebKitGTK before 2.36.0 and WPE WebKit before 2.34.7
Credit to Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
Description: A buffer overflow issue was addressed with improved memory handling.
Highlights of the WebKitGTK 2.36.0 release