Overview

File _patchinfo of Package patchinfo.35193

<patchinfo incident="35193">
  <issue tracker="bnc" id="1228693">VUL-0: CVE-2024-40779: webkit2gtk3,webkitgtk: Out-of-bounds read was addressed with improved bounds checking</issue>
  <issue tracker="bnc" id="1228698">VUL-0: CVE-2024-40794: webkit2gtk3,webkitgtk: Private Browsing tabs may be accessed without authentication</issue>
  <issue tracker="bnc" id="1228696">VUL-0: CVE-2024-40785: webkit2gtk3,webkitgtk: Processing maliciously crafted web content may lead to a cross site scripting attack</issue>
  <issue tracker="bnc" id="1228695">VUL-0: CVE-2024-40782: webkit2gtk3,webkitgtk: Use after free may lead to Remote Code Execution</issue>
  <issue tracker="bnc" id="1228613">VUL-0: CVE-2024-40776: webkit2gtk3, webkitgtk: Use after free may lead to Remote Code Execution</issue>
  <issue tracker="bnc" id="1228697">VUL-0: CVE-2024-40789: webkit2gtk3,webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash</issue>
  <issue tracker="bnc" id="1228694">VUL-0: CVE-2024-40780: webkit2gtk3,webkitgtk: Out-of-bounds read was addressed with improved bounds checking</issue>
  <issue tracker="cve" id="2024-40780"/>
  <issue tracker="cve" id="2024-4558"/>
  <issue tracker="cve" id="2024-40789"/>
  <issue tracker="cve" id="2024-40776"/>
  <issue tracker="cve" id="2024-40782"/>
  <issue tracker="cve" id="2024-40779"/>
  <issue tracker="cve" id="2024-40785"/>
  <issue tracker="cve" id="2024-40794"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for webkit2gtk3</summary>
  <description>This update for webkit2gtk3 fixes the following issues:

Update to version 2.44.3 (bsc#1228696 bsc#1228697 bsc#1228698):

- Fix web process cache suspend/resume when sandbox is enabled.
- Fix accelerated images dissapearing after scrolling.
- Fix video flickering with DMA-BUF sink.
- Fix pointer lock on X11.
- Fix movement delta on mouse events in GTK3.
- Undeprecate console message API and make it available in 2022 API.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780,
  CVE-2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794,
  CVE-2024-4558.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places