Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:GA
patchinfo.8158
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.8158
<patchinfo incident="8158"> <issue tracker="bnc" id="1101999">VUL-1: CVE-2018-12911: webkit2gtk3: off-by-one error, with a resultant out-of-bounds write,in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c andThirdParty/xdgmime/src/</issue> <issue tracker="bnc" id="1104169"></issue> <issue tracker="cve" id="2018-12911"/> <issue id="2018-4261" tracker="cve" /> <issue id="2018-4262" tracker="cve" /> <issue id="2018-4263" tracker="cve" /> <issue id="2018-4264" tracker="cve" /> <issue id="2018-4265" tracker="cve" /> <issue id="2018-4266" tracker="cve" /> <issue id="2018-4267" tracker="cve" /> <issue id="2018-4270" tracker="cve" /> <issue id="2018-4271" tracker="cve" /> <issue id="2018-4272" tracker="cve" /> <issue id="2018-4273" tracker="cve" /> <issue id="2018-4278" tracker="cve" /> <issue id="2018-4284" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>mgorse</packager> <description>This update for webkit2gtk3 to version 2.20.5 fixes the following issues: Security issue fixed: - CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs (bsc#1101999). - CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved memory handling. - CVE-2018-4266: A malicious website may be able to cause a denial of service. A race condition was addressed with additional validation. - CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously crafted web content may lead to an unexpected application crash. A memory corruption issue was addressed with improved input validation. - CVE-2018-4278: A malicious website may exfiltrate audio data cross-origin. Sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking. Other bugs fixed: - Fix rendering artifacts in some web sites due to a bug introduced in 2.20.4. - Fix a crash when leaving accelerated compositing mode. - Fix non-deterministic build failure due to missing JavaScriptCore/JSContextRef.h. </description> <summary>Security update for webkit2gtk3</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor