File _patchinfo of Package patchinfo.38838

<patchinfo incident="38838">
  <issue tracker="bnc" id="1243289">VUL-0: CVE-2025-31215: webkit2gtk3: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash</issue>
  <issue tracker="bnc" id="1243282">VUL-0: CVE-2025-31205: webkit2gtk3,webkitgtk: webkitgtk: A malicious website may exfiltrate data cross-origin</issue>
  <issue tracker="bnc" id="1243288">VUL-0: CVE-2025-31206: webkit2gtk3: webkitgtk: Processing maliciously crafted web content may lead to an unexpected crash</issue>
  <issue tracker="bnc" id="1243286">VUL-0: CVE-2025-31204: webkit2gtk3: webkitgtk: Processing maliciously crafted web content may lead to memory corruption</issue>
  <issue tracker="bnc" id="1243424">VUL-0: CVE-2025-24223: webkit2gtk3,webkitgtk: webkitgtk: processing maliciously crafted web content may lead to memory corruption</issue>
  <issue tracker="bnc" id="1222905">VUL-0: CVE-2024-23226: webkitgtk3: processing malicious web content may lead to arbitrary code execution</issue>
  <issue tracker="bnc" id="1241158">VUL-0: CVE-2023-42875: libQtWebKit4,libqt5-qtwebkit,webkit2gtk3,webkitgtk: improper memory handling may lead to arbitrary code execution when processing certain web content</issue>
  <issue tracker="bnc" id="1241160">VUL-0: CVE-2023-42970: libQtWebKit4,libqt5-qtwebkit,webkit2gtk3,webkitgtk: improper memory management may lead to use-after-free when processing certain web content</issue>
  <issue tracker="bnc" id="1243596">VUL-0: CVE-2025-31257: webkit2gtk3,webkitgtk: improper memory handling when processing certain web content may lead to an unexpected crash</issue>
  <issue tracker="cve" id="2024-23226"/>
  <issue tracker="cve" id="2025-31204"/>
  <issue tracker="cve" id="2025-31215"/>
  <issue tracker="cve" id="2025-31257"/>
  <issue tracker="cve" id="2023-42875"/>
  <issue tracker="cve" id="2025-31205"/>
  <issue tracker="cve" id="2023-42970"/>
  <issue tracker="cve" id="2025-24223"/>
  <issue tracker="cve" id="2025-31206"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for webkit2gtk3</summary>
  <description>This update for webkit2gtk3 fixes the following issues:

Update to version 2.48.2.

Security issues fixed:

- CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website (bsc#1243282).
- CVE-2025-31204: improper memory handling when processing certain web content may lead to memory corruption
  (bsc#1243286).
- CVE-2025-31206: type confusion issue when processing certain web content may lead to an unexpected crash
  (bsc#1243288).
- CVE-2025-31215: lack of checks when processing certain web content may lead to an unexpected crash (bsc#1243289).
- CVE-2025-31257: improper memory handling when processing certain web content may lead to an unexpected crash
  (bsc#1243596).
- CVE-2025-24223: improper memory handling when processing certain web content may lead to memory corruption
  (bsc#1243424).

Other changes and issues fixed:
  
- Enable CSS overscroll behavior by default.
- Change the threaded rendering implementation to use the Skia API instead of the WebCore display list, which is not thread safe.
- Fix rendering when device scale factor change comes before the web view geometry update.
- Fix network process crash on exit.
- Fix the build with ENABLE_RESOURCE_USAGE=OFF.
- Fix several crashes and rendering issues.

</description>
</patchinfo>