File _patchinfo of Package patchinfo.43388
<patchinfo incident="43388"> <!--generated with prepare-update from request 404473--> <issue tracker="bnc" id="1259934">VUL-0: CVE-2026-20676: webkit2gtk3: a website may be able to track users through web extensions</issue> <issue tracker="bnc" id="1259935">VUL-0: CVE-2026-20652: webkit2gtk3: a remote attacker may be able to cause a denial-of-service</issue> <issue tracker="bnc" id="1259936">VUL-0: CVE-2026-20644: webkit2gtk3: processing maliciously crafted web content may lead to an unexpected process crash</issue> <issue tracker="bnc" id="1259937">VUL-0: CVE-2026-20636: webkit2gtk3: processing maliciously crafted web content may lead to an unexpected process crash</issue> <issue tracker="bnc" id="1259938">VUL-0: CVE-2026-20635: webkit2gtk3: processing maliciously crafted web content may lead to an unexpected process crash</issue> <issue tracker="bnc" id="1259939">VUL-0: CVE-2026-20608: webkit2gtk3: processing maliciously crafted web content may lead to an unexpected process crash</issue> <issue tracker="bnc" id="1259940">VUL-0: CVE-2025-46299: webkit2gtk3: processing maliciously crafted web content may disclose internal states of an app</issue> <issue tracker="bnc" id="1259941">VUL-0: CVE-2025-43511: webkit2gtk3: processing maliciously crafted web content may lead to an unexpected process crash</issue> <issue tracker="bnc" id="1259942">VUL-0: CVE-2025-43457: webkit2gtk3: processing maliciously crafted web content may lead to an unexpected crash</issue> <issue tracker="bnc" id="1259943">VUL-0: CVE-2025-43441: webkit2gtk3: processing maliciously crafted web content may lead to an unexpected process crash</issue> <issue tracker="bnc" id="1259944">VUL-0: CVE-2025-43438: webkit2gtk3: processing maliciously crafted web content may lead to an unexpected crash</issue> <issue tracker="bnc" id="1259945">VUL-0: CVE-2025-43433: webkit2gtk3: processing maliciously crafted web content may lead to memory corruption</issue> <issue tracker="bnc" id="1259946">VUL-0: CVE-2025-43214: webkit2gtk3: processing maliciously crafted web content may lead to an unexpected crash</issue> <issue tracker="bnc" id="1259947">VUL-0: CVE-2025-43213: webkit2gtk3: processing maliciously crafted web content may lead to an unexpected crash</issue> <issue tracker="bnc" id="1259948">VUL-0: CVE-2025-31277: webkit2gtk3: processing maliciously crafted web content may lead to memory corruption</issue> <issue tracker="bnc" id="1259949">VUL-0: CVE-2025-31223: webkit2gtk3: processing maliciously crafted web content may lead to memory corruption</issue> <issue tracker="bnc" id="1259950">VUL-0: CVE-2023-43010: webkit2gtk3: processing maliciously crafted web content may lead to memory corruption</issue> <issue tracker="cve" id="2023-42843"/> <issue tracker="cve" id="2023-43010"/> <issue tracker="cve" id="2024-54658"/> <issue tracker="cve" id="2025-13502"/> <issue tracker="cve" id="2025-31223"/> <issue tracker="cve" id="2025-31277"/> <issue tracker="cve" id="2025-43213"/> <issue tracker="cve" id="2025-43214"/> <issue tracker="cve" id="2025-43368"/> <issue tracker="cve" id="2025-43419"/> <issue tracker="cve" id="2025-43433"/> <issue tracker="cve" id="2025-43434"/> <issue tracker="cve" id="2025-43438"/> <issue tracker="cve" id="2025-43440"/> <issue tracker="cve" id="2025-43441"/> <issue tracker="cve" id="2025-43443"/> <issue tracker="cve" id="2025-43457"/> <issue tracker="cve" id="2025-43511"/> <issue tracker="cve" id="2025-46299"/> <issue tracker="cve" id="2026-20608"/> <issue tracker="cve" id="2026-20635"/> <issue tracker="cve" id="2026-20636"/> <issue tracker="cve" id="2026-20644"/> <issue tracker="cve" id="2026-20652"/> <issue tracker="cve" id="2026-20676"/> <category>security</category> <rating>important</rating> <packager>mgorse</packager> <summary>Security update for webkit2gtk3</summary> <description>This update for webkit2gtk3 fixes the following issues: Update to version 2.52.0: - CVE-2023-43010: processing maliciously crafted web content may lead to memory corruption (bsc#1259950). - CVE-2025-31223: processing maliciously crafted web content may lead to memory corruption (bsc#1259949). - CVE-2025-31277: processing maliciously crafted web content may lead to memory corruption (bsc#1259948). - CVE-2025-43213: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259947). - CVE-2025-43214: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259946). - CVE-2025-43433: processing maliciously crafted web content may lead to memory corruption (bsc#1259945). - CVE-2025-43438: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259944). - CVE-2025-43441: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259943). - CVE-2025-43457: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259942). - CVE-2025-43511: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259941). - CVE-2025-46299: processing maliciously crafted web content may disclose internal states of an app (bsc#1259940). - CVE-2026-20608: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259939). - CVE-2026-20635: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259938). - CVE-2026-20636: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259937). - CVE-2026-20644: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259936). - CVE-2026-20652: a remote attacker may be able to cause a denial-of-service (bsc#1259935). - CVE-2026-20676: a website may be able to track users through web extensions (bsc#1259934). Changelog: + Make scrolling with touch input smoother for small movements. + Fix estimated load progress of downloads when Content-Length value is wrong. + Ensure that "scrollend" events are correctly emitted after scroll animations. + Fix several crashes and rendering issues. </description> </patchinfo>
