Overview

File _patchinfo of Package patchinfo.30646

<patchinfo incident="30646">
  <issue tracker="bnc" id="1213379">VUL-0: CVE-2023-37450: webkit2gtk3: arbitrary code execution</issue>
  <issue tracker="bnc" id="1214093">openSUSE-SLE-15.4-2023-3233 fails to install due to missing libwebkit2gtk3 = 2.40.5</issue>
  <issue tracker="bnc" id="1215230">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0008</issue>
  <issue tracker="bnc" id="1214835">15.5 patch cant get handled automatically? -  openSUSE-SLE-15.5-2023-3413-1</issue>
  <issue tracker="bnc" id="1213581">VUL-0: CVE-2023-32393: webkit2gtk3: Processing web content may lead to arbitrary code execution</issue>
  <issue tracker="bnc" id="1214640">Dependency issue with WebKit2GTK in patch:openSUSE-SLE-15.4-2023-3419-1.noarch</issue>
  <issue tracker="bnc" id="1215072">L3: error when starting emacs, because dependency missing to wayland package.</issue>
  <issue tracker="bnc" id="1213905">VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0007</issue>
  <issue tracker="cve" id="2023-38600"/>
  <issue tracker="cve" id="2023-37450"/>
  <issue tracker="cve" id="2023-28198"/>
  <issue tracker="cve" id="2023-32370"/>
  <issue tracker="cve" id="2023-38611"/>
  <issue tracker="cve" id="2023-40397"/>
  <issue tracker="cve" id="2023-38599"/>
  <issue tracker="cve" id="2023-38595"/>
  <issue tracker="cve" id="2023-38597"/>
  <issue tracker="cve" id="2023-38594"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for webkit2gtk3</summary>
  <description>This update for webkit2gtk3 fixes the following issues:

- Expand lang sub-package in spec file unconditionally to handle
  previous name change from WebKit2GTK-lang to WebKitGTK-lang. This
  change affected the automatic generated Requires tag on
  WebKit2GTK-%{_apiver}, then getting out of sync of what's being
  required and what's being provided. Now, any sub-package that was
  providing WebKit2GTK-%{_apiver} will provide WebKitGTK-%{_apiver}
  instead (bsc#1214835, bsc#1214640, bsc#1214093).

- Require libwaylandclient0 &gt;= 1.20. 15.4 originally had 1.19.0,
  but webkitgtk uses a function added in 1.20.0, so we need to
  ensure that the wayland update is pulled in (bsc#1215072).

- Update to version 2.40.5 (bsc#1213905 bsc#1213379 bsc#1213581
  bsc#1215230):
    CVE-2023-38594, CVE-2023-38595, CVE-2023-38597,
    CVE-2023-38599, CVE-2023-38600, CVE-2023-38611,
    CVE-2023-40397, CVE-2023-37450, CVE-2023-28198,
    CVE-2023-32370
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places