Opened 23 months ago

Closed 23 months ago

Last modified 22 months ago

#16596 closed enhancement (fixed)

webkitgtk-2.36.3

Reported by: Bruce Dubbs Owned by: blfs-book
Priority: normal Milestone: 11.2
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (3)

comment:1 by Xi Ruoyao, 23 months ago

What’s new in the WebKitGTK 2.36.3 release?

  • Support capturing already encoded video streams, which takes advantage of encoding done in hardware by devices which support this feature.
  • Avoid using experimental GStreamer elements for video demuxing.
  • Avoid using the legacy GStreamer VA-API decoding plug-ins, which often cause rendering issues and are not much maintained. Their usage can be re-enabled setting WEBKIT_GST_ENABLE_LEGACY_VAAPI=1 in the environment.
  • Fix playback of YouTube streams which use dynamic ad insertion.
  • Fix display capture with Pipewire.
  • Fix the build without the X11 target when X11 headers are not present.
  • Fix several crashes and rendering issues.

comment:2 by Bruce Dubbs, 23 months ago

Resolution: fixed
Status: newclosed

Fixed at commits 

dac82c127d Update to ipulseaudio-16.0.
07bd55613d Update to webkitgtk-2.36.3.

comment:3 by Douglas R. Reno, 22 months ago

CVEs (coming from https://webkitgtk.org/security/WSA-2022-0005.html)

---

CVE-2022-26700

Versions affected: WebKitGTK and WPE WebKit before 2.36.3. Impact: Processing maliciously crafted web content may lead to code execution. Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26709

Versions affected: WebKitGTK and WPE WebKit before 2.36.3. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free issue was addressed with improved memory management.

CVE-2022-26717

Versions affected: WebKitGTK and WPE WebKit before 2.36.3. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free issue was addressed with improved memory management.

CVE-2022-26716

Versions affected: WebKitGTK and WPE WebKit before 2.36.3. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management.

CVE-2022-26719

Versions affected: WebKitGTK and WPE WebKit before 2.36.3. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management.

Note: See TracTickets for help on using tickets.