Opened 4 years ago

Closed 4 years ago

#9384 closed enhancement (fixed)

webkitgtk-2.16.4

Reported by: bdubbs@… Owned by: bdubbs@…
Priority: normal Milestone: 8.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

Wonderful.</sarcasm> Another point version.

Change History (4)

comment:1 by bdubbs@…, 4 years ago

Several vulnerabilities were discovered in WebKitGTK+.

CVE-2017-2538
    Versions affected: WebKitGTK+ before 2.16.4.
    Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero
    Day Initiative.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: Multiple memory corruption
    issues were addressed with improved memory handling.

CVE-2017-2424
    Versions affected: WebKitGTK+ before 2.16.0.
    Credit to Paul Thomson (using the GLFuzz tool) of the Multicore
    Programming Group, Imperial College London.
    Impact: Processing maliciously crafted web content may result in the
    disclosure of process memory. Description: An information disclosure
    issue existed in the processing of OpenGL shaders. This issue was
    addressed through improved memory management.

comment:2 by bdubbs@…, 4 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: newassigned

comment:3 by bdubbs@…, 4 years ago

WebKitGTK+ 2.16.4

  • Fix web process deadlock when seeking youtube videos.
  • Fix blob downloads.
  • Improve theme rendering performance when using GTK+ >= 3.20.
  • Fix positioning of popup menus in Wayland.
  • Fix several crashes and rendering issues.
  • Security fixes: CVE-2017-2538.

comment:4 by bdubbs@…, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed at revision 18851.

Note: See TracTickets for help on using tickets.