Opened 3 months ago
Closed 3 months ago
#20815 closed enhancement (fixed)
webkitgtk-2.46.5
Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | high | Milestone: | 12.3 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description ¶
New point version
This update contains security fixes from https://support.apple.com/en-us/121846 - Safari 18.2 was released last week (12/11/2024), and I was able to cross reference the WebKit bug numbers from the Apple advisory to the commits in https://github.com/WebKit/WebKit/commits/webkitglib/2.46/
Release notes:
What’s new in the WebKitGTK 2.46.5 release? Fix the build with GBM and release logs disabled. Fix several crashes and rendering issues.
The highest of these is rated at 8.8 High, so we'll go with that for the rating.
Change History (5)
comment:1 by , 3 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 3 months ago
comment:3 by , 3 months ago
CVE-2024-54479 Versions affected: WebKitGTK and WPE WebKit before 2.46.5. Credit to Seunghyun Lee. Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved checks. WebKit Bugzilla: 278497 CVE-2024-54502 Versions affected: WebKitGTK and WPE WebKit before 2.46.5. Credit to Brendon Tiszka of Google Project Zero. Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved checks. WebKit Bugzilla: 281912 CVE-2024-54505 Versions affected: WebKitGTK and WPE WebKit before 2.46.5. Credit to Gary Kwong. Impact: Processing maliciously crafted web content may lead to memory corruption Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 282661 CVE-2024-54508 Versions affected: WebKitGTK and WPE WebKit before 2.46.5. Credit to linjy of HKUS3Lab and chluo of WHUSecLab, Xiangwei Zhang of Tencent Security YUNDING LAB. Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 282180
comment:4 by , 3 months ago
Fixed at 5abbbe68d0d026f56ca447c167ce131a172033dd
SA to come in the morning
Note:
See TracTickets
for help on using tickets.
The patch won't be required anymore either