Opened 8 years ago
Closed 8 years ago
#8213 closed enhancement (fixed)
WebkitGTK+-2.1.x-2.12.4
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | highest | Milestone: | 7.10 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New minor version.
Fix performance in accelerated compositing mode with the modesetting intel driver and DRI3 enabled. Reduce the amount of file descriptors that the Web Process keeps open. Fix Web Process deadlocks when loading HLS videos. Make CSS and SVG animations run at 60fps. Make meter elements accessible. Improve accessibility name and description of elements to make it more compatible with W3C specs and fix several bugs in which the accessible name of objects was missing or broken. Fix a crash when running windowed plugins under Wayland. Fix a crash at process exit under Wayland. Fix several crashes and rendering issues. Translation updates: German. Security fixes: CVE-2016-4622, CVE-2016-4624, CVE-2016-4591, CVE-2016-4590.
CVSSv3 Rating: HIGH (8.8)
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.
CVSSv3 Rating: HIGH (8.8)
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.
CVSSv3 Rating: HIGH (8.8)
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which '''allows remote attackers to access the local filesystem via unspecified vectors'''.
CVSSv3 Rating: Medium (5.4)
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Change History (7)
comment:1 by , 8 years ago
| Milestone: | 7.11 → 7.10 |
|---|---|
| Owner: | changed from to |
| Status: | new → assigned |
comment:2 by , 8 years ago
| Summary: | WebkitGTK+-2.12.4 → WebkitGTK+-2.1.x-2.12.4 |
|---|
comment:3 by , 8 years ago
Using -j10
SBU=21.199 11436 /usr/src/webkit/webkitgtk-2.12.4.tar.xz SIZE (11.167 MB) 931940 kilobytes BUILD SIZE (910.097 MB) md5sum : 0331ac714fd1a0587ffea470ef1afb20 /usr/src/webkit/webkitgtk-2.12.4.tar.xz
I used -DENABLE_GEOLOCATION=OFF
comment:4 by , 8 years ago
OK, I am wondering if Geolocation services have that much of an impact on build time. I used -j4 and got 36 SBU (I don't have more than 4 cores on my development system).
Can you check if yours used the internal malloc or the system malloc? It should be in the beginning of the log.
comment:6 by , 8 years ago
Fixed at r17687. All users are encouraged to update IMMEDIATELY.
http://www.eweek.com/security/apple-rushes-out-patch-for-new-ios-zero-day-flaws.html?utm_medium=email&utm_campaign=EWK_NL_EP_20160829_STR4L2&dni=353783057&rni=25928700
The WebKit Zero-day vulnerability that was used to exploit that person's iPhone (exploit costed 1 million dollars!) was patched with this release. This update fixes that Zero-day as long as 3 others.
I see why the folks at the GNOME Project were yelling at distributors on the gnome-distributors-list now.
Bruce, errata?
comment:7 by , 8 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Renamed ticket to satisfy currency script