File _patchinfo of Package patchinfo.33307
<patchinfo incident="33307">
<issue tracker="bnc" id="1222010">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2024-0002</issue>
<issue tracker="cve" id="2024-23254"/>
<issue tracker="cve" id="2023-42843"/>
<issue tracker="cve" id="2024-23252"/>
<issue tracker="cve" id="2024-23284"/>
<issue tracker="cve" id="2023-42950"/>
<issue tracker="cve" id="2024-23263"/>
<issue tracker="cve" id="2024-23280"/>
<issue tracker="cve" id="2023-42956"/>
<packager>mgorse</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for webkit2gtk3</summary>
<description>This update for webkit2gtk3 fixes the following issues:
- CVE-2024-23252: Fixed denial of service via crafted web content (bsc#1222010).
- CVE-2024-23254: Fixed possible audio data exilftration cross-origin via malicious website (bsc#1222010).
- CVE-2024-23263: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010).
- CVE-2024-23280: Fixed possible user fingeprint via malicious crafted web content (bsc#1222010).
- CVE-2024-23284: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010).
- CVE-2023-42950: Fixed arbitrary code execution via crafted web content (bsc#1222010).
- CVE-2023-42956: Fixed denial of service via crafted web content (bsc#1222010).
- CVE-2023-42843: Fixed address bar spoofing via malicious website (bsc#1222010).
Other fixes:
- Update to version 2.44.0 (bsc#1222010):
+ Make the DOM accessibility tree reachable from UI process with
GTK4.
+ Removed the X11 and WPE renderers in favor of DMA-BUF.
+ Improved vblank synchronization when rendering.
+ Removed key event reinjection in GTK4 to make keyboard
shortcuts work in web sites.
+ Fix gamepads detection by correctly handling focused window in
GTK4.
</description>
</patchinfo>
