Overview

File _patchinfo of Package patchinfo.26885

<patchinfo incident="26885">
  <issue tracker="bnc" id="1205120">VUL-0: CVE-2022-42823: webkitgtk: A type confusion issue was addressed with improved memory handling</issue>
  <issue tracker="bnc" id="1205121">VUL-0: CVE-2022-32888: webkitgtk: out-of-bounds write issue was addressed with improved bounds checking</issue>
  <issue tracker="bnc" id="1205122">VUL-0: CVE-2022-32923: webkitgtk: A correctness issue in the JIT was addressed with improved checks</issue>
  <issue tracker="bnc" id="1205123">VUL-0: CVE-2022-42799: webkitgtk: a issue was addressed with improved UI handling</issue>
  <issue tracker="bnc" id="1205124">VUL-0: CVE-2022-42824: webkitgtk: A logic issue was addressed with improved state management</issue>
  <issue tracker="cve" id="2022-32888"/>
  <issue tracker="cve" id="2022-32923"/>
  <issue tracker="cve" id="2022-42799"/>
  <issue tracker="cve" id="2022-42823"/>
  <issue tracker="cve" id="2022-42824"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for webkit2gtk3</summary>
  <description>
Security fixes:

- CVE-2022-32888: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205121).
- CVE-2022-32923: Fixed possible information leak via maliciously crafted web content (bsc#1205122).
- CVE-2022-42799: Fixed user interface spoofing when visiting a malicious website (bsc#1205123).
- CVE-2022-42823: Fixed possible arbitrary code execution via maliciously crafted web content (bsc#1205120).
- CVE-2022-42824: Fixed possible sensitive user information leak via maliciously crafted web content (bsc#1205124).

Update to version 2.38.2:

  - Fix scrolling issues in some sites having fixed background.
  - Fix prolonged buffering during progressive live playback.
  - Fix the build with accessibility disabled.
  - Fix several crashes and rendering issues.
    
Update to version 2.38.1:

  - Make xdg-dbus-proxy work if host session bus address is an
    abstract socket.
  - Use a single xdg-dbus-proxy process when sandbox is enabled.
  - Fix high resolution video playback due to unimplemented
    changeType operation.
  - Ensure GSubprocess uses posix_spawn() again and inherit file
    descriptors.
  - Fix player stucking in buffering (paused) state for progressive
    streaming.
  - Do not try to preconnect on link click when link preconnect
    setting is disabled.
  - Fix close status code returned when the client closes a
    WebSocket in some cases.
  - Fix media player duration calculation.
  - Fix several crashes and rendering issues.

Update to version 2.38.0:

  - New media controls UI style.
  - Add new API to set WebView's Content-Security-Policy for web
    extensions support.
  - Make it possible to use the remote inspector from other
    browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var.
  - MediaSession is enabled by default, allowing remote media
    control using MPRIS.
  - Add support for PDF documents using PDF.js.
  </description>
</patchinfo>
openSUSE Build Service is sponsored by
Places