File _patchinfo of Package patchinfo.6148
<patchinfo incident="6148">
<issue id="1020950" tracker="bnc">VUL-0: webkit2gtk3,webkitgtk,webkitgtk3: WebKitGTK+ Security Advisory WSA-2017-0001</issue>
<issue id="1024749" tracker="bnc">VUL-0: CVE-2017-2350: webkitgtk: Multiple vulnerabilities before version 2.4.14 [WSA-2017-0002]</issue>
<issue id="1050469" tracker="bnc">VUL-0: libqt5-qtwebkit, libQtWebKit4, webkitgtk3, webkitgtk, webkit2gtk3: WebKitGTK+ Security Advisory WSA-2017-0006</issue>
<issue id="1066892" tracker="bnc">VUL-0: webkit2gtk3: multiple security issues fixed</issue>
<issue id="1069925" tracker="bnc">VUL-0: webkit2gtk3: version 2.18.3 released</issue>
<issue id="1073654" tracker="bnc">VUL-0: CVE-2017-13856,CVE-2017-7157,CVE-2017-13856,CVE-2017-13866,CVE-2017-13870: libqt5-qtwebkit,webkit2gtk3,webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution</issue>
<issue id="1075419" tracker="bnc">VUL-0: webkitgtk: speculative side channel attacks on various CPU platforms aka "SpectreAttack" and "MeltdownAttack"</issue>
<issue id="2016-4692" tracker="cve" />
<issue id="2016-4743" tracker="cve" />
<issue id="2016-7586" tracker="cve" />
<issue id="2016-7587" tracker="cve" />
<issue id="2016-7589" tracker="cve" />
<issue id="2016-7592" tracker="cve" />
<issue id="2016-7598" tracker="cve" />
<issue id="2016-7599" tracker="cve" />
<issue id="2016-7610" tracker="cve" />
<issue id="2016-7623" tracker="cve" />
<issue id="2016-7632" tracker="cve" />
<issue id="2016-7635" tracker="cve" />
<issue id="2016-7639" tracker="cve" />
<issue id="2016-7641" tracker="cve" />
<issue id="2016-7645" tracker="cve" />
<issue id="2016-7652" tracker="cve" />
<issue id="2016-7654" tracker="cve" />
<issue id="2016-7656" tracker="cve" />
<issue id="2017-13788" tracker="cve" />
<issue id="2017-13788" tracker="cve" />
<issue id="2017-13798" tracker="cve" />
<issue id="2017-13798" tracker="cve" />
<issue id="2017-13803" tracker="cve" />
<issue id="2017-13803" tracker="cve" />
<issue id="2017-13856" tracker="cve" />
<issue id="2017-13856" tracker="cve" />
<issue id="2017-13866" tracker="cve" />
<issue id="2017-13866" tracker="cve" />
<issue id="2017-13870" tracker="cve" />
<issue id="2017-13870" tracker="cve" />
<issue id="2017-2350" tracker="cve" />
<issue id="2017-2354" tracker="cve" />
<issue id="2017-2355" tracker="cve" />
<issue id="2017-2356" tracker="cve" />
<issue id="2017-2362" tracker="cve" />
<issue id="2017-2363" tracker="cve" />
<issue id="2017-2364" tracker="cve" />
<issue id="2017-2365" tracker="cve" />
<issue id="2017-2366" tracker="cve" />
<issue id="2017-2369" tracker="cve" />
<issue id="2017-2371" tracker="cve" />
<issue id="2017-2373" tracker="cve" />
<issue id="2017-2496" tracker="cve" />
<issue id="2017-2510" tracker="cve" />
<issue id="2017-2539" tracker="cve" />
<issue id="2017-5715" tracker="cve" />
<issue id="2017-5715" tracker="cve" />
<issue id="2017-5753" tracker="cve" />
<issue id="2017-5753" tracker="cve" />
<issue id="2017-5754" tracker="cve" />
<issue id="2017-7006" tracker="cve" />
<issue id="2017-7011" tracker="cve" />
<issue id="2017-7012" tracker="cve" />
<issue id="2017-7018" tracker="cve" />
<issue id="2017-7019" tracker="cve" />
<issue id="2017-7020" tracker="cve" />
<issue id="2017-7030" tracker="cve" />
<issue id="2017-7034" tracker="cve" />
<issue id="2017-7037" tracker="cve" />
<issue id="2017-7038" tracker="cve" />
<issue id="2017-7039" tracker="cve" />
<issue id="2017-7040" tracker="cve" />
<issue id="2017-7041" tracker="cve" />
<issue id="2017-7042" tracker="cve" />
<issue id="2017-7043" tracker="cve" />
<issue id="2017-7046" tracker="cve" />
<issue id="2017-7048" tracker="cve" />
<issue id="2017-7049" tracker="cve" />
<issue id="2017-7052" tracker="cve" />
<issue id="2017-7055" tracker="cve" />
<issue id="2017-7056" tracker="cve" />
<issue id="2017-7059" tracker="cve" />
<issue id="2017-7061" tracker="cve" />
<issue id="2017-7064" tracker="cve" />
<issue id="2017-7081" tracker="cve" />
<issue id="2017-7081" tracker="cve" />
<issue id="2017-7087" tracker="cve" />
<issue id="2017-7087" tracker="cve" />
<issue id="2017-7089" tracker="cve" />
<issue id="2017-7089" tracker="cve" />
<issue id="2017-7090" tracker="cve" />
<issue id="2017-7090" tracker="cve" />
<issue id="2017-7091" tracker="cve" />
<issue id="2017-7091" tracker="cve" />
<issue id="2017-7092" tracker="cve" />
<issue id="2017-7092" tracker="cve" />
<issue id="2017-7093" tracker="cve" />
<issue id="2017-7093" tracker="cve" />
<issue id="2017-7094" tracker="cve" />
<issue id="2017-7094" tracker="cve" />
<issue id="2017-7095" tracker="cve" />
<issue id="2017-7095" tracker="cve" />
<issue id="2017-7096" tracker="cve" />
<issue id="2017-7096" tracker="cve" />
<issue id="2017-7098" tracker="cve" />
<issue id="2017-7098" tracker="cve" />
<issue id="2017-7099" tracker="cve" />
<issue id="2017-7099" tracker="cve" />
<issue id="2017-7100" tracker="cve" />
<issue id="2017-7100" tracker="cve" />
<issue id="2017-7102" tracker="cve" />
<issue id="2017-7102" tracker="cve" />
<issue id="2017-7104" tracker="cve" />
<issue id="2017-7104" tracker="cve" />
<issue id="2017-7107" tracker="cve" />
<issue id="2017-7107" tracker="cve" />
<issue id="2017-7109" tracker="cve" />
<issue id="2017-7109" tracker="cve" />
<issue id="2017-7111" tracker="cve" />
<issue id="2017-7111" tracker="cve" />
<issue id="2017-7117" tracker="cve" />
<issue id="2017-7117" tracker="cve" />
<issue id="2017-7120" tracker="cve" />
<issue id="2017-7120" tracker="cve" />
<issue id="2017-7142" tracker="cve" />
<issue id="2017-7142" tracker="cve" />
<issue id="2017-7156" tracker="cve" />
<issue id="2017-7156" tracker="cve" />
<issue id="2017-7157" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>federico-mena</packager>
<description>
This update for webkit2gtk3 fixes the following issues:
Update to version 2.18.5:
+ Disable SharedArrayBuffers from Web API.
+ Reduce the precision of "high" resolution time to 1ms.
+ bsc#1075419 - Security fixes: includes improvements to mitigate
the effects of Spectre and Meltdown (CVE-2017-5753 and CVE-2017-5715).
Update to version 2.18.4:
+ Make WebDriver implementation more spec compliant.
+ Fix a bug when trying to remove cookies before a web process is
spawned.
+ WebKitWebDriver process no longer links to
libjavascriptcoregtk.
+ Fix several memory leaks in GStreamer media backend.
+ bsc#1073654 - Security fixes: CVE-2017-13866, CVE-2017-13870,
CVE-2017-7156, CVE-2017-13856.
Update to version 2.18.3:
+ Improve calculation of font metrics to prevent scrollbars from
being shown unnecessarily in some cases.
+ Fix handling of null capabilities in WebDriver implementation.
+ Security fixes: CVE-2017-13798, CVE-2017-13788, CVE-2017-13803.
Update to version 2.18.2:
+ Fix rendering of arabic text.
+ Fix a crash in the web process when decoding GIF images.
+ Fix rendering of wind in Windy.com.
+ Fix several crashes and rendering issues.
Update to version 2.18.1:
+ Improve performance of GIF animations.
+ Fix garbled display in GMail.
+ Fix rendering of several material design icons when using the
web font.
+ Fix flickering when resizing the window in Wayland.
+ Prevent default kerberos authentication credentials from being
used in ephemeral sessions.
+ Fix a crash when webkit_web_resource_get_data() is cancelled.
+ Correctly handle touchmove and touchend events in
WebKitWebView.
+ Fix the build with enchant 2.1.1.
+ Fix the build in HPPA and Alpha.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2017-7081, CVE-2017-7087, CVE-2017-7089,
CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093,
CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098,
CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104,
CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117,
CVE-2017-7120, CVE-2017-7142.
- Enable gold linker on s390/s390x on SLE15/Tumbleweed.
</description>
<summary>Security update for webkit2gtk3</summary>
</patchinfo>
