Overview

File _patchinfo of Package patchinfo.28761

<patchinfo incident="28761">
	<issue tracker="bnc" id="1210731">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0003</issue>
  <issue tracker="bnc" id="1210295">VUL-0: CVE-2023-28205: libQtWebKit4,webkit2gtk3,libqt5-qtwebkit,webkitgtk: WebKitGTK: use-after-free leads to arbitrary code execution</issue>
  <issue tracker="cve" id="2023-28205"/>
  <issue tracker="cve" id="2022-0108"/>
  <issue tracker="cve" id="2023-25363"/>
  <issue tracker="cve" id="2022-32912"/>
  <issue tracker="cve" id="2023-25358"/>
  <issue tracker="cve" id="2023-27954"/>
  <issue tracker="cve" id="2022-32885"/>
  <issue tracker="cve" id="2023-27932"/>
  <issue tracker="cve" id="2022-32886"/>
  <issue tracker="cve" id="2023-25361"/>
  <issue tracker="cve" id="2023-25360"/>
  <issue tracker="cve" id="2023-25362"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for webkit2gtk3</summary>
  <description>This update for webkit2gtk3 fixes the following issues:
Update to version 2.38.6 (bsc#1210731):

- CVE-2022-0108: Fixed information leak.
- CVE-2022-32885: Fixed arbitrary code execution.
- CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer.
- CVE-2023-27932: Fixed Same Origin Policy bypass.
- CVE-2023-27954: Fixed  sensitive user information tracking.
- CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295). 

Already fixed in version 2.38.5:

- CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places