Overview

File _patchinfo of Package patchinfo.27283

<patchinfo incident="27283">
  <issue tracker="bnc" id="1206474">VUL-0: CVE-2022-42856: webkitgtk,webkit2gtk3,webkitgtk3: webkitgtk: processing maliciously crafted web content may lead to an arbitrary code execution</issue>
  <issue tracker="cve" id="2022-42856"/>
  <issue tracker="bnc" id="1206750">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011 </issue>
  <issue tracker="cve" id="2022-42852"/>
  <issue tracker="cve" id="2022-42863"/>
  <issue tracker="cve" id="2022-42867"/>
  <issue tracker="cve" id="2022-46691"/>
  <issue tracker="cve" id="2022-46692"/>
  <issue tracker="cve" id="2022-46698"/>
  <issue tracker="cve" id="2022-46699"/>
  <issue tracker="cve" id="2022-46700"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for webkit2gtk3</summary>
  <description>This update for webkit2gtk3 fixes the following issues:

Update to version 2.38.3:

- CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474).
- CVE-2022-42852: Fixed disclosure of process memory by improved memory handling.
- CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management.
- CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management.
- CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks.
- CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption.
- CVE-2022-46700: Fixed an arbitrary code execution caused by memory corruption.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places