Opened 15 months ago

Closed 15 months ago

Last modified 15 months ago

#17588 closed enhancement (fixed)

webkitgtk-2.38.4

Reported by: Bruce Dubbs
Owned by: Douglas R. Reno
Priority: elevated
Milestone: 11.3
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Douglas R. Reno, 15 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

Grabbing GNOME packages

comment:2 by Douglas R. Reno, 15 months ago

Priority: normal → elevated

Release Notes:

What’s new in the WebKitGTK 2.38.4 release?

    Improve GStreamer multimedia playback across the board with improved codec selection logic,
      better handling of latency, and improving frame discard to avoid audio/video 
      desynchronization, among other fixes.
    Disable HLS media playback by default, which makes web sites use MSE instead. If needed 
       WEBKIT_GST_ENABLE_HLS_SUPPORT=1 can be set in the environment to enable it back.
    Disable threaded rendering in GTK4 builds by default, as it was causing crashes.
    Fix MediaSession API not showing artwork images.
    Fix MediaSession MPRIS usage when running inside a Flatpak sandbox.
    Fix input element controls to correctly scale when applying a zoom factor different than 
       the default.
    Fix leakage of Web processes in certain situations.
    Fix the injected bundle not being found when running inside a sandbox.
    Fix the build with ENABLE_INTROSPECTION when cross-compiling.
    Fix the build with ENABLE_WEBGL disabled.
    Fix the build with GStreamer-based WebRTC enabled.
    Fix the build with USE_GTK4 enabled.
    Fix several crashes and rendering issues.

Security Vulnerabilities

WebKitGTK and WPE WebKit Security Advisory WSA-2023-0001

Date Reported: February 02, 2023

Advisory ID: WSA-2023-0001

CVE identifiers: CVE-2023-23517, CVE-2023-23518, CVE-2022-42826.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2023-23517

Versions affected: WebKitGTK and WPE WebKit before 2.38.4.

Impact: Processing maliciously crafted web content may lead to arbitrary code execution.

Description: The issue was addressed with improved memory handling.

CVE-2023-23518

Versions affected: WebKitGTK and WPE WebKit before 2.38.4.

Impact: Processing maliciously crafted web content may lead to arbitrary code execution.

Description: The issue was addressed with improved memory handling.

CVE-2022-42826

Versions affected: WebKitGTK and WPE WebKit before 2.38.4.

Impact: Processing maliciously crafted web content may lead to arbitrary code execution.

Description: A use after free issue was addressed with improved memory management.

comment:3 by Douglas R. Reno, 15 months ago

Resolution: fixed
Status: assigned → closed

comment:4 by Douglas R. Reno, 15 months ago

SA-11.2-080 issued
