Overview

File _patchinfo of Package patchinfo.29343

<patchinfo incident="29343">                                                                   
  <issue tracker="bnc" id="1211659">VUL-0: CVE-2023-28204: webkit2gtk3: an out-of-bounds read when processing malicious content</issue>
  <issue tracker="bnc" id="1211846">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0004</issue>
  <issue tracker="bnc" id="1211658">VUL-0: CVE-2023-32373: webkit2gtk3: a use-after-free when processing maliciously crafted web content</issue>
  <issue tracker="bnc" id="1213905">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0007</issue>
  <issue tracker="bnc" id="1212863">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0005</issue>
  <issue tracker="cve" id="2023-28204"/>     
  <issue tracker="cve" id="2023-32373"/>
  <issue tracker="cve" id="2023-32435"/>
  <issue tracker="cve" id="2023-38133"/>
  <issue tracker="cve" id="2023-38572"/>
  <issue tracker="cve" id="2023-38592"/>
  <issue tracker="cve" id="2023-38594"/>
  <issue tracker="cve" id="2023-38595"/>
  <issue tracker="cve" id="2023-38597"/>
  <issue tracker="cve" id="2023-38599"/>
  <issue tracker="cve" id="2023-38600"/>
  <issue tracker="cve" id="2023-38611"/>
  <issue tracker="cve" id="2022-48503"/>
  <issue tracker="cve" id="2023-32439"/>
  <packager>mgorse</packager>
  <rating>important</rating>                                                                    
  <category>security</category>                                                                
  <summary>Security update for webkit2gtk3</summary>                    
  <description>This update for webkit2gtk3 fixes the following issues:        

Update to version 2.40.5 (bsc#1213905):

- CVE-2023-38133: Fixed information disclosure.
- CVE-2023-38572: Fixed Same-Origin-Policy bypass.
- CVE-2023-38592: Fixed arbitrary code execution.
- CVE-2023-38594: Fixed arbitrary code execution.
- CVE-2023-38595: Fixed arbitrary code execution.
- CVE-2023-38597: Fixed arbitrary code execution.
- CVE-2023-38599: Fixed sensitive user information tracking.
- CVE-2023-38600: Fixed arbitrary code execution.
- CVE-2023-38611: Fixed arbitrary code execution.
- CVE-2022-48503: Fixed arbitrary code execution.
- CVE-2023-32439: Fixed arbitrary code execution.
- CVE-2023-32435: Fixed arbitrary code execution.
                                                                                               
Add security patches (bsc#1211846):                                                            
                                                                                               
- CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659).
- CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places