#9947 closed enhancement (fixed)
webkitgtk-2.18.3
Reported by: | Owned by: | Douglas R. Reno | |
---|---|---|---|
Priority: | high | Milestone: | 8.2 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (3)
comment:1 by , 7 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 7 years ago
Priority: | normal → high |
---|---|
Summary: | webkitgtk-2.18.2 → webkitgtk-2.18.3 |
Update to 2.18.3
NOTES FROM 2.18.2
What’s new in the WebKitGTK+ 2.18.2 release? Fix rendering of arabic text. Fix a crash in the web process when decoding GIF images. Fix rendering of wind in Windy.com. Fix several crashes and rendering issues.
NOTES FROM 2.18.3
What’s new in the WebKitGTK+ 2.18.3 release? Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases. Fix handling of null capabilities in WebDriver implementation. Security fixes: CVE-2017-13798, CVE-2017-13788, CVE-2017-13803.
SECURITY STUFF
CVE-2017-13788 Versions affected: WebKitGTK+ before 2.18.3. Credit to xisigr of Tencent’s Xuanwu Lab (tencent.com). Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2017-13798 Versions affected: WebKitGTK+ before 2.18.3. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2017-13803 Versions affected: WebKitGTK+ before 2.18.3. Credit to chenqin (陈钦) of Ant-financial Light-Year Security. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling.
Note:
See TracTickets
for help on using tickets.
Going to go ahead and take this one