Opened 5 weeks ago

Closed 5 weeks ago

Last modified 12 days ago

#20225 closed enhancement (fixed)

webkitgtk-2.44.3

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: normal
Milestone: 12.2
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version

What's new in the WebKitGTK 2.44.3 release?
===========================================

  - Fix web process cache suspend/resume when sandbox is enabled.
  - Fix accelerated images disappearing after scrolling.
  - Fix video flickering with DMA-BUF sink.
  - Fix pointer lock on X11.
  - Fix movement delta on mouse events in GTK3.
  - Undeprecate console message API and make it available in 2022 API.
  - Fix several crashes and rendering issues.

Change History (3)

comment:1 by Douglas R. Reno, 5 weeks ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 5 weeks ago

Resolution: fixed
Status: assigned → closed

comment:3 by Douglas R. Reno, 12 days ago

SA-12.1-093 issued

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

    CVE-2024-40776
        Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
        Credit to Huang Xilin of Ant Group Light-Year Security Lab.
        Impact: Processing maliciously crafted web content may lead to an unexpected process crash.
        Description: A use-after-free issue was addressed with improved memory management.
        WebKit Bugzilla: 273176
    CVE-2024-40779
        Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
        Credit to Huang Xilin of Ant Group Light-Year Security Lab.
        Impact: Processing maliciously crafted web content may lead to an unexpected process crash.
        Description: An out-of-bounds read was addressed with improved bounds checking.
        WebKit Bugzilla: 275431
    CVE-2024-40780
        Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
        Credit to Huang Xilin of Ant Group Light-Year Security Lab.
        Impact: Processing maliciously crafted web content may lead to an unexpected process crash.
        Description: An out-of-bounds read was addressed with improved bounds checking.
        WebKit Bugzilla: 275273
    CVE-2024-40782
        Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
        Credit to Maksymilian Motyl.
        Impact: Processing maliciously crafted web content may lead to an unexpected process crash.
        Description: A use-after-free issue was addressed with improved memory management.
        WebKit Bugzilla: 268770
    CVE-2024-40789
        Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
        Credit to Seunghyun Lee (@0x10n) of KAIST Hacking Lab working with Trend Micro Zero Day Initiative.
        Impact: Processing maliciously crafted web content may lead to an unexpected process crash.
        Description: An out-of-bounds access issue was addressed with improved bounds checking.
    CVE-2024-4558
        Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
        Credit to an anonymous researcher.
        Impact: Processing maliciously crafted web content may lead to an unexpected process crash.
        Description: Use after free in ANGLE allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
        WebKit Bugzilla: 274165