UbuntuUpdates.org

Package "webkit2gtk"

Name: webkit2gtk

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Web content engine library for GTK - GObject introspection data
  • JavaScript engine library from WebKitGTK - command-line interpreter
  • Web content engine library for GTK
  • Web content engine library for GTK - development files

Latest version: 2.42.5-0ubuntu0.22.04.2
Release: jammy (22.04)
Level: security
Repository: universe

Links



Other versions of "webkit2gtk" in Jammy

Repository Area Version
base universe 2.36.0-2ubuntu1
base main 2.36.0-2ubuntu1
security main 2.42.5-0ubuntu0.22.04.2
updates universe 2.42.5-0ubuntu0.22.04.2
updates main 2.42.5-0ubuntu0.22.04.2
PPA: Ubuntu-desktop ppa 2.38.6-0ubuntu0.22.04.1+wpe1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.40.5-0ubuntu0.22.04.1 2023-08-15 17:07:00 UTC

  webkit2gtk (2.40.5-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * Update to 2.40.5 to fix security issues.
    - CVE-2023-38133, CVE-2023-38572, CVE-2023-38592, CVE-2023-38594,
      CVE-2023-38595, CVE-2023-38597, CVE-2023-38599, CVE-2023-38600,
      CVE-2023-38611
    - debian/patches/fix-jsc-timestamp.patch: removed, included in new
      version.

 -- Marc Deslauriers <email address hidden> Thu, 03 Aug 2023 12:26:06 -0400

Source diff to previous version
CVE-2023-38133 The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura
CVE-2023-38572 The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura
CVE-2023-38592 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5.
CVE-2023-38594 The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura
CVE-2023-38595 The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.
CVE-2023-38597 The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safa
CVE-2023-38599 A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6,
CVE-2023-38600 The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.
CVE-2023-38611 The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, w

Version: 2.40.4-0ubuntu0.22.04.1 2023-07-31 18:07:19 UTC

  webkit2gtk (2.40.4-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * Update to 2.40.4 to fix security issues.
    - debian/control.in: remove libavif-dev as there are no i386 binaries
      for it in 22.04 and it blocks the i386 build.
    - CVE-2023-28204, CVE-2023-32373, CVE-2023-32435, CVE-2023-32439,
      CVE-2023-37450, CVE-2023-32393

 -- Marc Deslauriers <email address hidden> Fri, 21 Jul 2023 12:26:54 -0400

Source diff to previous version
CVE-2023-28204 An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and
CVE-2023-32373 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 a
CVE-2023-32435 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 1
CVE-2023-32439 A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS V
CVE-2023-37450 The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS
CVE-2023-32393 The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. P

Version: 2.38.6-0ubuntu0.22.04.1 2023-05-08 13:07:17 UTC

  webkit2gtk (2.38.6-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * Updated to 2.38.6 to fix security issues.
    - CVE-2023-25358, CVE-2022-0108, CVE-2022-32885, CVE-2023-27932,
      CVE-2023-27954, CVE-2023-28205

 -- Marc Deslauriers <email address hidden> Tue, 25 Apr 2023 07:47:29 -0400

Source diff to previous version
CVE-2023-25358 A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
CVE-2022-0108 Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted H
CVE-2023-28205 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1

Version: 2.38.5-0ubuntu0.22.04.1 2023-02-27 14:07:05 UTC

  webkit2gtk (2.38.5-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * Updated to 2.38.5 to fix security issues.
    - CVE-2023-23529

 -- Marc Deslauriers <email address hidden> Thu, 16 Feb 2023 19:02:20 -0500

Source diff to previous version
CVE-2023-23529 Processing maliciously crafted web content may lead to arbitrary code execution

Version: 2.38.4-0ubuntu0.22.04.1 2023-02-13 14:07:16 UTC

  webkit2gtk (2.38.4-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * Updated to 2.38.4 to fix security issues.
    - CVE-2023-23517, CVE-2023-23518, CVE-2022-42826

 -- Marc Deslauriers <email address hidden> Wed, 08 Feb 2023 14:29:07 -0500

CVE-2023-23517 Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2023-23518 Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2022-42826 Processing maliciously crafted web content may lead to arbitrary code execution



About   -   Send Feedback to @ubuntu_updates