Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#7402 closed enhancement (fixed)

webkitgtk-2.10.6

Reported by: Fernando de Oliveira
Owned by: Fernando de Oliveira
Priority: high
Milestone: 7.9
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description (last modified by Fernando de Oliveira)

WebKitGTK+ Security Advisory WSA-2016-0001

CVE-2015-7096 and CVE-2015-7098

https://lists.webkit.org/pipermail/webkit-gtk/2016-February/002610.html

See comment:4, below.

http://webkitgtk.org/releases/webkitgtk-2.10.6.tar.xz

http://webkitgtk.org/releases/webkitgtk-2.10.6.tar.xz.sha1.asc

https://lists.webkit.org/pipermail/webkit-gtk/2016-January/002521.html

md5sum: 50c52ffc0069ba2376101b5d211226fb

Left the Requirements section, below, for convenience.

[webkit-gtk] WebKitGTK+ 2.10.6 released!
Carlos Garcia Campos cgarcia at igalia.com
Wed Jan 27 06:33:19 PST 2016

This is a bug fix release in the stable 2.10 series.

What's new in the WebKitGTK+ 2.10.6 release?
============================================

  - Fix a deadlock in the Web Process when the JavaScript garbage collector
    was running for a web worker thread, which made Google Maps hang.
  - Fix media controls displaying without controls attribute.
  - Fix a Web Process crash when quickly attempting many DnD operations.

Requirements
============

gtk+ >= 3.6.0
glib >= 2.36
libsoup >= 2.42.0
cairo >= 1.10.2
libxml >= 2.8.0
libxslt >= 1.1.7
HarfBuzz >= 0.9.2
icu
fontconfig >= 2.8.0
FreeType2 >= 2.4.2
libsecret
SQLite
enchant

Depending on your configuration options WebKitGTK+ may also depend on:

gtk+ >= 2.24.10
GObject introspection
gstreamer >= 1.0.3
GeoClue >= 2.1.5
gudev
cairo-gl >= 1.10.2

...

The WebKitGTK+ team,
January 27, 2016
-- 
Carlos Garcia Campos
...

Change History (5)

comment:1 by Fernando de Oliveira, 8 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: new → assigned

comment:2 by Fernando de Oliveira, 8 years ago

Description: modified (diff)

Sorry

comment:3 by Fernando de Oliveira, 8 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r16862.

comment:4 by Fernando de Oliveira, 8 years ago

Priority: normal → high

Changing priority to high, after post from webkitgtk list which I reproduce here:

https://lists.webkit.org/pipermail/webkit-gtk/2016-February/002610.html

WebKitGTK+ Security Advisory WSA-2016-0001

------------------------------------------------------------------------
WebKitGTK+ Security Advisory                               WSA-2016-0001
------------------------------------------------------------------------

Date reported      : February 01, 2016
Advisory ID        : WSA-2016-0001
Advisory URL       : http://webkitgtk.org/security/WSA-2016-0001.html
CVE identifiers    : CVE-2015-7096, CVE-2015-7098.

Several vulnerabilities were discovered on WebKitGTK+.

CVE-2015-7096
    Versions affected: WebKitGTK+ before 2.10.5.
    Credit to Apple.
    WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
    9.1 allows remote attackers to execute arbitrary code or cause a
    denial of service (memory corruption and application crash) via a
    crafted web site, a different vulnerability than CVE-2015-7048,
    CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099,
    CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.

CVE-2015-7098
    Versions affected: WebKitGTK+ before 2.10.5.
    Credit to Apple.
    WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before
    9.1 allows remote attackers to execute arbitrary code or cause a
    denial of service (memory corruption and application crash) via a
    crafted web site, a different vulnerability than CVE-2015-7048,
    CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099,
    CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.


We recommend updating to the last stable version of WebKitGTK+. It is
the best way of ensuring that you are running a safe version of
WebKitGTK+. Please check our website for information about the last
stable releases.

Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html

The WebKitGTK+ team,
February 01, 2016

comment:5 by Fernando de Oliveira, 8 years ago

Description: modified (diff)