File _patchinfo of Package patchinfo.40067

<patchinfo incident="40067">
  <issue tracker="bnc" id="1247599">VUL-0: CVE-2025-43240: webkitgtk: A download&#8217;s origin may be incorrectly associated</issue>
  <issue tracker="bnc" id="1247598">VUL-0: CVE-2025-43228: webkitgtk: Visiting a malicious website may lead to address bar spoofing</issue>
  <issue tracker="bnc" id="1247597">VUL-0: CVE-2025-43227: webkitgtk: Processing maliciously crafted web content may disclose sensitive user information</issue>
  <issue tracker="bnc" id="1247600">VUL-0: CVE-2025-43265: webkitgtk: Processing maliciously crafted web content may disclose internal states of the app</issue>
  <issue tracker="bnc" id="1247596">VUL-0: CVE-2025-43216: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash</issue>
  <issue tracker="bnc" id="1247595">VUL-0: CVE-2025-43212: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash</issue>
  <issue tracker="bnc" id="1247563">VUL-0: CVE-2025-31278: webkit2gtk3: processing maliciously crafted web content may lead to memory corruption</issue>
  <issue tracker="bnc" id="1247564">VUL-0: CVE-2025-31273: webkit2gtk3: processing maliciously crafted web content may lead to memory corruption</issue>
  <issue tracker="bnc" id="1247562">VUL-0: CVE-2025-43211: webkit2gtk3: processing web content may lead to a denial-of-service</issue>
  <issue tracker="bnc" id="1247742">VUL-0: CVE-2025-6558: webkit2gtk3: Processing maliciously crafted web content may lead to an unexpected Safari crash</issue>
  <issue tracker="cve" id="2025-43228"/>
  <issue tracker="cve" id="2025-6558"/>
  <issue tracker="cve" id="2025-43265"/>
  <issue tracker="cve" id="2025-31273"/>
  <issue tracker="cve" id="2025-43216"/>
  <issue tracker="cve" id="2025-43227"/>
  <issue tracker="cve" id="2025-43211"/>
  <issue tracker="cve" id="2025-24201"/>
  <issue tracker="cve" id="2025-31278"/>
  <issue tracker="cve" id="2025-43212"/>
  <issue tracker="cve" id="2024-54467"/>
  <issue tracker="cve" id="2025-24189"/>
  <issue tracker="cve" id="2024-44192"/>
  <issue tracker="cve" id="2025-43240"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for webkit2gtk3</summary>
  <description>This update for webkit2gtk3 fixes the following issues:

Updated to version 2.48.5:
  - CVE-2025-31273: Fixed a vulnerability where processing maliciously crafted web content could lead to memory corruption. (bsc#1247564)
  - CVE-2025-31278: Fixed a vulnerability where processing maliciously crafted web content may lead to memory corruption. (bsc#1247563)
  - CVE-2025-43211: Fixed a vulnerability where processing web content may lead to a denial-of-service. (bsc#1247562)
  - CVE-2025-43212: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247595)
  - CVE-2025-43216: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247596)
  - CVE-2025-43227: Fixed a vulnerability where processing maliciously crafted web content may disclose sensitive user information. (bsc#1247597)
  - CVE-2025-43228: Fixed a vulnerability where visiting a malicious website may lead to address bar spoofing. (bsc#1247598)
  - CVE-2025-43240: Fixed a vulnerability where a download's origin may be incorrectly associated. (bsc#1247599)
  - CVE-2025-43265: Fixed a vulnerability where processing maliciously crafted web content may disclose internal states of the app. (bsc#1247600)
  - CVE-2025-6558: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247742)

Other fixes:
- Improve emoji font selection with USE_SKIA=ON.
- Improve playback of multimedia streams from blob URLs.
- Fix the build with USE_SKIA_OPENTYPE_SVG=ON and
  USE_SYSPROF_CAPTURE=ON.
- Fix crash when using a WebKitWebView widget in an offscreen
  window.
- Fix several crashes and rendering issues.
- Fix a crash introduced by the new threaded rendering
  implementation using Skia API.
- Improve rendering performance by recording layers once and
  replaying every dirty region in different worker threads.
- Fix a crash when setting WEBKIT_SKIA_GPU_PAINTING_THREADS=0.
- Fix a reference cycle in webkitmediastreamsrc preventing its
  disposal.
- Increase mem_per_process again to avoid running out of memory.
</description>
</patchinfo>