File _patchinfo of Package patchinfo.42050
<patchinfo incident="42050">
  <issue tracker="bnc" id="1255198">VUL-0: CVE-2025-43529: webkit2gtk3: webkitgtk: use-after-free vulnerability may lead to arbitrary code execution</issue>
  <issue tracker="bnc" id="1255194">VUL-0: CVE-2025-43501: webkit2gtk3: webkitgtk: buffer overflow issue may lead to an unexpected process crash</issue>
  <issue tracker="bnc" id="1255200">VUL-0: CVE-2025-43536: webkit2gtk3: webkitgtk: use-after-free vulnerability may lead to an unexpected process crash</issue>
  <issue tracker="bnc" id="1255183">VUL-0: CVE-2025-43531: webkit2gtk3: webkitgtk: maliciously crafted web content may lead to an unexpected process crash</issue>
  <issue tracker="bnc" id="1255195">VUL-0: CVE-2025-43535: webkit2gtk3: webkitgtk: maliciously crafted web content may lead to an unexpected process crash</issue>
  <issue tracker="bnc" id="1255191">VUL-0: CVE-2025-43541: webkit2gtk3: webkitgtk: type confusion may lead to an unexpected crash</issue>
  <issue tracker="bnc" id="1255497">VUL-0: CVE-2025-14174: webkit2gtk3: processing maliciously crafted web content may lead to memory corruption</issue>
  <issue tracker="cve" id="2025-43529"/>
  <issue tracker="cve" id="2025-43501"/>
  <issue tracker="cve" id="2025-43541"/>
  <issue tracker="cve" id="2025-43536"/>
  <issue tracker="cve" id="2025-43535"/>
  <issue tracker="cve" id="2025-43531"/>
  <issue tracker="cve" id="2025-14174"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for webkit2gtk3</summary>
  <description>This update for webkit2gtk3 fixes the following issues:

Update to version 2.50.4.

Security issues fixed:

- CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation (bsc#1255497).
- CVE-2025-43501: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1255194).
- CVE-2025-43529: processing maliciously crafted web content may lead to arbitrary code execution due to a use-after-free issue (bsc#1255198).
- CVE-2025-43531: processing maliciously crafted web content may lead to an unexpected process crash due to a race condition (bsc#1255183).
- CVE-2025-43535: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1255195).
- CVE-2025-43536: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1255200).
- CVE-2025-43541: processing maliciously crafted web content may lead to an unexpected process crash due to type confusion (bsc#1255191).

Other updates and bugfixes:

- Version 2.50.4:
  * Correctly handle the program name passed to the sleep disabler.
  * Ensure GStreamer is initialized before using the Quirks.
  * Fix several crashes and rendering issues.
- Fix a11y regression where AT-SPI roles were mapped incorrectly.
</description>
</patchinfo>