UbuntuUpdates.org

Package "webkit2gtk"

Name: webkit2gtk

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • JavaScript engine library from WebKitGTK - GObject introspection data
  • Web content engine library for GTK - GObject introspection data
  • JavaScript engine library from WebKitGTK
  • JavaScript engine library from WebKitGTK - development files

Latest version: 2.38.6-0ubuntu0.20.04.1
Release: focal (20.04)
Level: security
Repository: main

Links



Other versions of "webkit2gtk" in Focal

Repository Area Version
base main 2.28.1-1
base universe 2.28.1-1
security universe 2.38.6-0ubuntu0.20.04.1
updates universe 2.38.6-0ubuntu0.20.04.1
updates main 2.38.6-0ubuntu0.20.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.38.6-0ubuntu0.20.04.1 2023-05-08 13:07:12 UTC

  webkit2gtk (2.38.6-0ubuntu0.20.04.1) focal-security; urgency=medium

  * Updated to 2.38.6 to fix security issues.
    - CVE-2023-25358, CVE-2022-0108, CVE-2022-32885, CVE-2023-27932,
      CVE-2023-27954, CVE-2023-28205

 -- Marc Deslauriers <email address hidden> Tue, 25 Apr 2023 07:47:29 -0400

Source diff to previous version
CVE-2023-25358 A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
CVE-2022-0108 Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted H
CVE-2023-28205 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1

Version: 2.38.5-0ubuntu0.20.04.1 2023-02-27 14:07:01 UTC

  webkit2gtk (2.38.5-0ubuntu0.20.04.1) focal-security; urgency=medium

  * Updated to 2.38.5 to fix security issues.
    - debian/patches/gstreamer_build_fix.patch: removed, included in new
      version.
    - CVE-2023-23529

 -- Marc Deslauriers <email address hidden> Thu, 16 Feb 2023 19:04:12 -0500

Source diff to previous version
CVE-2023-23529 Processing maliciously crafted web content may lead to arbitrary code execution

Version: 2.38.4-0ubuntu0.20.04.2 2023-02-13 14:07:08 UTC

  webkit2gtk (2.38.4-0ubuntu0.20.04.2) focal-security; urgency=medium

  * Updated to 2.38.4 to fix security issues.
    - debian/patches/gstreamer_build_fix.patch: fix build with older
      gstreamer.
    - CVE-2023-23517, CVE-2023-23518, CVE-2022-42826

 -- Marc Deslauriers <email address hidden> Wed, 08 Feb 2023 14:29:07 -0500

Source diff to previous version
CVE-2023-23517 Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2023-23518 Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2022-42826 Processing maliciously crafted web content may lead to arbitrary code execution

Version: 2.38.3-0ubuntu0.20.04.1 2023-01-09 17:07:36 UTC

  webkit2gtk (2.38.3-0ubuntu0.20.04.1) focal-security; urgency=medium

  * Updated to 2.38.3 to fix security issues.
    - CVE-2022-42852, CVE-2022-42856, CVE-2022-42867, CVE-2022-46692,
      CVE-2022-46698, CVE-2022-46699, CVE-2022-46700

 -- Marc Deslauriers <email address hidden> Fri, 06 Jan 2023 08:03:12 -0500

Source diff to previous version
CVE-2022-42852 The issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.
CVE-2022-42856 A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and
CVE-2022-42867 A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and
CVE-2022-46692 A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iP
CVE-2022-46698 A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.
CVE-2022-46699 A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 a
CVE-2022-46700 A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2

Version: 2.38.2-0ubuntu0.20.04.1 2022-11-17 15:07:24 UTC

  webkit2gtk (2.38.2-0ubuntu0.20.04.1) focal-security; urgency=medium

  * Updated to 2.38.2 to fix security issues.
    - debian/patches/*.patch: sync from lunar package.
    - debian/control, debian/rules: use bundled docs since gi-docgen is not
      available in focal.
    - debian/libwebkit2gtk-4.0-37.symbols: updated for new version.
    - CVE-2022-32888, CVE-2022-32923, CVE-2022-42799, CVE-2022-42823,
      CVE-2022-42824

 -- Marc Deslauriers <email address hidden> Thu, 10 Nov 2022 09:34:10 -0500

CVE-2022-32888 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15
CVE-2022-32923 A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13,
CVE-2022-42799 The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS
CVE-2022-42823 A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS
CVE-2022-42824 A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 an



About   -   Send Feedback to @ubuntu_updates