Overview

File _patchinfo of Package patchinfo.22758

<patchinfo incident="22758">
  <issue tracker="bnc" id="1195735">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0002</issue>
  <issue tracker="bnc" id="1195064">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001</issue>
  <issue tracker="bnc" id="1196133">VUL-0: CVE-2022-22620: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0003</issue>
  <issue tracker="cve" id="2021-30934"/>
  <issue tracker="cve" id="2021-30936"/>
  <issue tracker="cve" id="2021-30951"/>
  <issue tracker="cve" id="2021-30952"/>
  <issue tracker="cve" id="2022-22620"/>
  <issue tracker="cve" id="2021-30953"/>
  <issue tracker="cve" id="2021-30954"/>
  <issue tracker="cve" id="2021-30984"/>
  <issue tracker="cve" id="2022-22594"/>
  <issue tracker="cve" id="2021-45481"/>
  <issue tracker="cve" id="2021-45482"/>
  <issue tracker="cve" id="2021-45483"/>
  <issue tracker="cve" id="2022-22589"/>
  <issue tracker="cve" id="2022-22590"/>
  <issue tracker="cve" id="2022-22592"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for webkit2gtk3</summary>
  <description>This update for webkit2gtk3 fixes the following issues:

Update to version 2.34.6 (bsc#1196133):

- CVE-2022-22620: Processing maliciously crafted web content may have lead to arbitrary code execution.

Update to version 2.34.5 (bsc#1195735):

- CVE-2022-22589: A validation issue was addressed with improved input sanitization.
- CVE-2022-22590: A use after free issue was addressed with improved memory management.
- CVE-2022-22592: A logic issue was addressed with improved state management.

Update to version 2.34.4 (bsc#1195064):

- CVE-2021-30934: A buffer overflow issue was addressed with improved memory handling.
- CVE-2021-30936: A use after free issue was addressed with improved memory management.
- CVE-2021-30951: A use after free issue was addressed with improved memory management.
- CVE-2021-30952: An integer overflow was addressed with improved input validation.
- CVE-2021-30953: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2021-30954: A type confusion issue was addressed with improved memory handling.
- CVE-2021-30984: A race condition was addressed with improved state handling.
- CVE-2022-22594: A cross-origin issue in the IndexDB API was addressed with improved input validation.

The following CVEs were addressed in a previous update:

- CVE-2021-45481: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create.
- CVE-2021-45482: A use-after-free in WebCore::ContainerNode::firstChild.
- CVE-2021-45483: A use-after-free in WebCore::Frame::page.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places