Overview

File _patchinfo of Package patchinfo.23800

<patchinfo incident="23800">
  <issue tracker="bnc" id="1198290">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004</issue>
  <issue tracker="bnc" id="1196133">VUL-0: CVE-2022-22620: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0003</issue> 
  <issue tracker="cve" id="2022-22628"/>
  <issue tracker="cve" id="2022-22629"/>
  <issue tracker="cve" id="2022-22624"/>
  <issue tracker="cve" id="2022-22594"/>
  <issue tracker="cve" id="2022-22637"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for webkit2gtk3</summary>
  <description>This update for webkit2gtk3 fixes the following issues:

Update to version 2.36.0 (bsc#1198290):

- CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution.
- CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution.
- CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution.
- CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error.

Missing CVE reference for the update to 2.34.6 (bsc#1196133):

- CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API.   
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places