Overview

File _patchinfo of Package patchinfo.36760

<patchinfo incident="36760">
  <issue tracker="cve" id="2025-24143"/>
  <issue tracker="cve" id="2025-24150"/>
  <issue tracker="cve" id="2025-24158"/>
  <issue tracker="cve" id="2025-24162"/>
  <issue tracker="cve" id="2024-27856"/>
  <issue tracker="cve" id="2024-54479"/>
  <issue tracker="cve" id="2024-54502"/>
  <issue tracker="cve" id="2024-54505"/>
  <issue tracker="cve" id="2024-54508"/>
  <issue tracker="cve" id="2024-54534"/>
  <issue tracker="cve" id="2024-54543"/>
  <issue tracker="cve" id="2024-54658"/>
  <issue tracker="bnc" id="1236946">VUL-0: CVE-2024-27856, CVE-2024-54543,CVE-2024-54658,CVE-2025-24143,CVE-2025-24150, CVE-2025-24158,CVE-2025-24162: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2025-0001</issue>
  <issue tracker="bnc" id="1234851">VUL-0: CVE-2024-54479,CVE-2024-54502,CVE-2024-54505,CVE-2024-54508,CVE-2024-54534: webkitgtk, webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2024-0008</issue>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for webkit2gtk3</summary>
  <description>This update for webkit2gtk3 fixes the following issues:

Update to version 2.46.6 (bsc#1236946, bsc#1234851):

- CVE-2025-24143: A maliciously crafted webpage may be able to fingerprint the user.
- CVE-2025-24150: Copying a URL from Web Inspector may lead to command injection.
- CVE-2025-24158: Processing web content may lead to a denial-of-service.
- CVE-2025-24162: Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2024-54505: Processing maliciously crafted web content may lead to memory corruption.
- CVE-2024-54508: Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2024-54543: Processing maliciously crafted web content may lead to memory corruption.
    
Already fixed in previous releases:

- CVE-2024-27856: Processing a file may lead to unexpected app termination or arbitrary code execution.
- CVE-2024-54534: Processing maliciously crafted web content may lead to memory corruption.
- CVE-2024-54658: Processing web content may lead to a denial-of-service.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places