UbuntuUpdates.org

Package "libjavascriptcoregtk-4.1-dev"

Name: libjavascriptcoregtk-4.1-dev

Description:

JavaScript engine library from WebKitGTK - development files
Latest version: 2.50.4-0ubuntu0.22.04.1
Release: jammy (22.04)
Level: security
Repository: main
Head package: webkit2gtk
Homepage: https://webkitgtk.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libjavascriptcoregtk-4.1-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libjavascriptcoregtk-4.1-dev" in Jammy

Repository Area Version
updates main 2.50.4-0ubuntu0.22.04.1

Changelog

Version: 2.50.4-0ubuntu0.22.04.1 2026-01-13 18:07:44 UTC

  webkit2gtk (2.50.4-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * Update to 2.50.4 to fix security issues.
    - CVE-2025-14174, CVE-2025-43501, CVE-2025-43529, CVE-2025-43531,
      CVE-2025-43535, CVE-2025-43536, CVE-2025-43541

 -- Marc Deslauriers <email address hidden> Tue, 06 Jan 2026 08:15:42 -0500
Source diff to previous version
CVE-2025-14174 Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access
CVE-2025-43501 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and i
CVE-2025-43529 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3,
CVE-2025-43531 A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2
CVE-2025-43535 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, ma
CVE-2025-43536 A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2,
CVE-2025-43541 A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPa

Version: 2.50.3-0ubuntu0.22.04.1 2026-01-05 16:10:29 UTC

  webkit2gtk (2.50.3-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * Update to 2.50.3 to fix security issues.
    - Dropped patches no longer needed:
      + debian/patches/fix-link-error.patch
      + debian/patches/fix-crash.patch
    - CVE-2025-13947
    - CVE-2025-43421
    - CVE-2025-43458
    - CVE-2025-66287

 -- Marc Deslauriers <email address hidden> Tue, 09 Dec 2025 08:40:46 -0500
Source diff to previous version
CVE-2025-13947 A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted
CVE-2025-43421 Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.
CVE-2025-43458 This issue was addressed through improved state management. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.
CVE-2025-66287 A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

Version: 2.50.2-0ubuntu0.22.04.2 2025-12-09 18:31:18 UTC

  webkit2gtk (2.50.2-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * Update to 2.50.2 to fix security issues.
    - Add patches from resolute package:
      + debian/patches/fix-link-error.patch:
      + debian/patches/fix-crash.patch:
    - CVE-2025-43392, CVE-2025-43425, CVE-2025-43427, CVE-2025-43429,
      CVE-2025-43430, CVE-2025-43431, CVE-2025-43432, CVE-2025-43434,
      CVE-2025-43440, CVE-2025-43443

 -- Marc Deslauriers <email address hidden> Mon, 01 Dec 2025 07:32:52 -0500
Source diff to previous version
CVE-2025-43392 The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. A website may exfiltrate image data cr
CVE-2025-43425 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvO
CVE-2025-43427 This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, Safari 26.1, visionOS 26.1. P
CVE-2025-43429 A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted we
CVE-2025-43430 This issue was addressed through improved state management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1
CVE-2025-43431 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web conten
CVE-2025-43432 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and i
CVE-2025-43434 A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously cra
CVE-2025-43440 This issue was addressed with improved checks This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. P
CVE-2025-43443 This issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may le

Version: 2.50.1-0ubuntu0.22.04.1 2025-11-27 19:55:22 UTC

  webkit2gtk (2.50.1-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * Update to 2.50.1 to fix security issues.
    - CVE-2025-43343
  * debian/patches, debian/source/lintian-overrides, debian/copyright,
    debian/gbp.conf, debian/*symbols, debian/upstream/*: sync with resolute
    package.
  * debian/control*, debian/rules: build with gcc-12 since gcc-11 which is
    the default on Jammy is no longer supported.
  * Attempt to limit virtual memory exhaustion on 32-bit platforms when
    building
    - debian/rules: limit parallel builds on i386 and armhf.
    - debian/rules: build with -O1 and -g0 on 32-bit platforms.

 -- Marc Deslauriers <email address hidden> Wed, 29 Oct 2025 09:40:19 -0400
Source diff to previous version
CVE-2025-43343 The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Proc

Version: 2.48.7-0ubuntu0.22.04.2 2025-10-09 21:07:34 UTC

  webkit2gtk (2.48.7-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * Update to 2.48.7 to fix security issues.
    - CVE-2025-43272, CVE-2025-43342, CVE-2025-43356, CVE-2025-43368
  * debian/patches/fix-ftbfs-armv7.patch: removed, included in new version.
  * debian/patches/fix-ftbfs-op_instanceof_return_location.patch: fix new
    op_instanceof_return_location build issue.

 -- Marc Deslauriers <email address hidden> Thu, 02 Oct 2025 08:41:44 -0400
CVE-2025-43272 The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 2
CVE-2025-43342 A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26,
CVE-2025-43356 The issue was addressed with improved handling of caches. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 2
CVE-2025-43368 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Process


About   -   Send Feedback to @ubuntu_updates