File _patchinfo of Package patchinfo.17638
<patchinfo incident="17638">
<issue tracker="bnc" id="1171531">[bug] libwebkit2gtk 2.26.2 to 2.28.2 is a major change, not minor</issue>
<issue tracker="bnc" id="1177087">webkit2gtk3 fails to build on aarch64 since update to 2.30.0</issue>
<issue tracker="bnc" id="1179122">VUL-0: CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9952, CVE-2020-9983: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2020-0008</issue>
<issue tracker="bnc" id="1179451">VUL-0: CVE-2020-13543: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2020-0009</issue>
<issue tracker="cve" id="2020-9948"/>
<issue tracker="cve" id="2020-9951"/>
<issue tracker="cve" id="2020-9983"/>
<issue tracker="cve" id="2020-13543"/>
<issue tracker="cve" id="2020-13584"/>
<packager>mgorse</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for webkit2gtk3</summary>
<description>This update for webkit2gtk3 fixes the following issues:
- webkit2gtk3 was updated to version 2.30.3 (bsc#1179122 bsc#1179451):
  - CVE-2020-13543: Fixed a use-after-free which could have led to arbitrary code execution.
  - CVE-2020-13584: Fixed a use-after-free which could have led to arbitrary code execution.
  - CVE-2020-9948: Fixed a type confusion which could have led to arbitrary code execution.
  - CVE-2020-9951: Fixed a use-after-free which could have led to arbitrary code execution.
  - CVE-2020-9983: Fixed an out-of-bounds write which could have led to arbitrary code execution.
- Have the libwebkit2gtk package require libjavascriptcoregtk of
  the same version (bsc#1171531).
- Enable c_loop on aarch64: currently needed for compilation to
  succeed with JIT disabled. Also disable sampling profiler, since
  it conflicts with c_loop (bsc#1177087).
</description>
</patchinfo>