#18375 closed enhancement (fixed)
Generate security patch for WebKit's August 2nd Security Advisory
Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | high | Milestone: | 12.0 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
Since we are on unstable, we have to patch these for now until upstream sees fit to release another unstable release. These have already been fixed in WebKitGTK-2.40.5, but we need to stay on unstable because of Intel GPU issues.
The following CVEs were fixed:
CVE-2023-38133 CVE-2023-38572 CVE-2023-38592 CVE-2023-38594 CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600 CVE-2023-38611
I've done a bunch of research via WebKit bug numbers and found the commits necessary to resolve these, and the unstable version of WebKit does not have any of them.
Change History (7)
comment:1 by , 20 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 20 months ago
comment:3 by , 20 months ago
My backport is at https://github.com/xry111/WebKit/commits/webkitgtk-2.41.6-security. I've built 2.41.6 with GTK4 and these patches + the patch already in the book and the result seems to be working (I'm posting this comment in the MiniBrowser).
comment:4 by , 20 months ago
Thank you Xi, I'm going to add one patch to it but the commits there all applied cleanly here. I had some problems with trying to get this working yesterday. For some reason, I would get duplicate case statement errors out of:
case PaintBehavior::DontShowVisitedLinks: ts << "DontShowVisitedLinks"; break;
in Source/WebCore/rendering/RenderLayer.cpp. Never did find out what was going on with that.
I'm also going to add
https://github.com/WebKit/WebKit/commit/ec83f7580fdcc4a4ad7c1597053adc78dd0a922b - changes it so that the redirections cancel navigation instead of showing an error.
comment:5 by , 20 months ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed at 7b8b07f8b37e2209e47f247d933b212763b38cc2
I'll file an advisory tomorrow.
comment:7 by , 20 months ago
Correction of some bug numbers for future reference:
Replying to Douglas R. Reno:
Patch crafted out of the following commits and PRs:
- CVE-2023-38133 - WebKit bug 236932, https://github.com/WebKit/WebKit/commit/e1d780dcb545a6a90b4ae0909c29b5c70d95a922
Should be bug 256932.
- CVE-2023-38572 - WebKit Bug 256549, https://github.com/WebKit/WebKit/pull/16258/files
- CVE-2023-38592 - WebKit Bug 257381, https://github.com/WebKit/WebKit/commit/36a57b922accd6bd4a15f84f89b97fc29e713d25
Should be bug 257331.
- CVE-2023-38594, WebKit Bug 256856, https://github.com/WebKit/WebKit/pull/16192
Should be bug 256865.
- CVE-2023-38595, WebKit Bug 256573, https://github.com/WebKit/WebKit/pull/16194
- CVE-2023-38597, WebKit Bug 258100, https://github.com/WebKit/WebKit/pull/16180
- CVE-2023-38599, WebKit Bug 257822, https://github.com/WebKit/WebKit/pull/16289
- CVE-2023-38600, WebKit Bug 257387, https://github.com/WebKit/WebKit/pull/16189
- CVE-2023-38611, WebKit Bug 258058, https://github.com/WebKit/WebKit/pull/16178
Now waiting on it to build