[Buildroot] [PATCH] package/webkitgtk: security bump to version 2.42.5

Peter Korsgaard peter at korsgaard.com
Thu Feb 8 12:57:44 UTC 2024 

>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > https://webkitgtk.org/security/WSA-2024-0001.html

 > - CVE-2024-23222: Processing maliciously crafted web content may lead to
 >   arbitrary code execution.  Apple is aware of a report that this issue may
 >   have been exploited.  Description: A type confusion issue was addressed
 >   with improved checks.

 > - CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint
 >   the user.  Description: An access issue was addressed with improved access
 >   restrictions.

 > - CVE-2024-23213: Processing web content may lead to arbitrary code execution.
 >   Description: The issue was addressed with improved memory handling.

 > - CVE-2023-40414: Processing web content may lead to arbitrary code
 >   execution.  Description: A use-after-free issue was addressed with
 >   improved memory management.

 > - CVE-2023-42833: Processing web content may lead to arbitrary code execution.
 >   Description: A correctness issue was addressed with improved checks.

 > - CVE-2014-1745: Processing a file may lead to a denial-of-service or
 >   potentially disclose memory contents.  Description: The issue was
 >   addressed with improved checks.

 > https://webkitgtk.org/security/WSA-2023-0012.html

 > - CVE-2023-42883: Processing a SVG image may lead to a denial-of-service.
 >   Description: The issue was addressed with improved memory handling.

 > - CVE-2023-42890: Processing web content may lead to arbitrary code
 >   execution.  Description: The issue was addressed with improved memory
 >   handling.

 > https://webkitgtk.org/security/WSA-2023-0011.html

 > - CVE-2023-42916: Processing web content may disclose sensitive information.
 >   Apple is aware of a report that this issue may have been actively
 >   exploited.  Description: An out-of-bounds read was addressed with improved
 >   input validation.

 > - CVE-2023-42917: Processing web content may lead to arbitrary code
 >   execution.  Apple is aware of a report that this issue may have been
 >   actively exploited.  Description: A memory corruption vulnerability was
 >   addressed with improved locking.

 > Add an upstream post-2.42.5 patch to fix an issue with an invalid backport
 > causing a build issue.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

More information about the buildroot mailing list