File _patchinfo of Package patchinfo.31574
<patchinfo incident="31574">
<issue tracker="bnc" id="1216778">Unable to read the text of emails in Evolution</issue>
<issue tracker="bnc" id="1217210">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0010</issue>
<issue tracker="cve" id="2023-41983"/>
<issue tracker="cve" id="2023-42852"/>
<issue tracker="cve" id="2022-32919"/>
<issue tracker="cve" id="2022-32933"/>
<issue tracker="cve" id="2022-46705"/>
<issue tracker="cve" id="2022-46725"/>
<issue tracker="cve" id="2023-32359"/>
<packager>mgorse</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for webkit2gtk3</summary>
<description>This update for webkit2gtk3 fixes the following issues:
Update to version 2.42.2 (bsc#1217210):
- CVE-2023-41983: Processing web content may lead to a denial-of-service.
- CVE-2023-42852: Processing web content may lead to arbitrary code execution.
Already previously fixed:
- CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4).
- CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0).
- CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4).
- CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4).
- CVE-2023-32359: A user’s password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0).
Bug fixes:
- Disable DMABuf renderer for NVIDIA proprietary drivers (bsc#1216778).
</description>
</patchinfo>
