File _patchinfo of Package patchinfo.27316

<patchinfo incident="27316">
  <issue tracker="bnc" id="1207997">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0001</issue>
  <issue tracker="bnc" id="1206750">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011</issue>
  <issue tracker="bnc" id="1208328">VUL-0: CVE-2023-23529: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0002</issue>
  <issue tracker="cve" id="2022-42863"/>
  <issue tracker="cve" id="2022-42852"/>
  <issue tracker="cve" id="2022-46691"/>
  <issue tracker="cve" id="2022-46699"/>
  <issue tracker="cve" id="2022-46692"/>
  <issue tracker="cve" id="2022-46698"/>
  <issue tracker="cve" id="2022-42867"/>
  <issue tracker="cve" id="2022-46700"/>
  <issue tracker="cve" id="2023-23517"/>
  <issue tracker="cve" id="2023-23518"/>
  <issue tracker="cve" id="2022-42826"/>
  <issue tracker="cve" id="2023-23529"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for webkit2gtk3</summary>
  <description>This update for webkit2gtk3 fixes the following issues:

Update to version 2.38.5 (boo#1208328):

- CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content.

Update to version 2.38.4 (boo#1207997):

- CVE-2023-23517: Fixed web content processing that could have led to arbitrary code execution.
- CVE-2023-23518: Fixed web content processing that could have led to arbitrary code execution.
- CVE-2022-42826: Fixed a use-after-free issue that was caused by improper memory management.


New CVE and bug references were added for already released updates:

Update to version 2.38.3 (boo#1206750):

- CVE-2022-42852: Fixed disclosure of process memory by improved memory handling.
- CVE-2022-42867: Fixed a use-after-free issue with improved memory management.
- CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management.
- CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks.
- CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption.
- CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Update to version 2.38.1:

- CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content.

Update to version 2.38.0:

- CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content.
</description>
</patchinfo>