UbuntuUpdates.org

Package "webkit2gtk"

Name: webkit2gtk

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • JavaScript engine library from WebKitGTK - GObject introspection data
  • JavaScript engine library from WebKitGTK - GObject introspection data
  • Web content engine library for GTK - GObject introspection data
  • Web content engine library for GTK - GObject introspection data

Latest version: 2.46.4-0ubuntu0.24.04.1
Release: noble (24.04)
Level: updates
Repository: main

Links



Other versions of "webkit2gtk" in Noble

Repository Area Version
base universe 2.44.0-2
base main 2.44.0-2
security main 2.46.4-0ubuntu0.24.04.1
security universe 2.46.4-0ubuntu0.24.04.1
updates universe 2.46.4-0ubuntu0.24.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.46.4-0ubuntu0.24.04.1 2024-12-09 16:06:51 UTC

  webkit2gtk (2.46.4-0ubuntu0.24.04.1) noble-security; urgency=medium

  * Update to 2.46.4 to fix security issues.
    - CVE-2024-44308
    - CVE-2024-44309

 -- Marc Deslauriers <email address hidden> Tue, 03 Dec 2024 07:22:22 -0500

Source diff to previous version
CVE-2024-44308 The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 an
CVE-2024-44309 A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Seq

Version: 2.46.3-0ubuntu0.24.04.1 2024-11-18 17:06:53 UTC

  webkit2gtk (2.46.3-0ubuntu0.24.04.1) noble-security; urgency=medium

  * Update to 2.46.3 to fix security issues.
    - debian/control-common.in: no longer mark -dev packages as Multi-Arch:
      same because they are now different on s390x.
    - CVE-2024-44244
    - CVE-2024-44296

 -- Marc Deslauriers <email address hidden> Wed, 13 Nov 2024 09:09:02 -0500

Source diff to previous version
CVE-2024-44244 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1,
CVE-2024-44296 The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1,

Version: 2.46.1-0ubuntu0.24.04.1 2024-10-22 18:06:56 UTC

  webkit2gtk (2.46.1-0ubuntu0.24.04.1) noble-security; urgency=medium

  * Build 2.46.1 for noble to fix security issues.
    - debian/rules: set USE_OLD_WEBDRIVER_PKG=YES.
    - CVE-2024-40866
    - CVE-2024-44187

 -- Marc Deslauriers <email address hidden> Tue, 08 Oct 2024 11:24:41 -0400

Source diff to previous version
CVE-2024-40866 The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar sp
CVE-2024-44187 A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18,

Version: 2.44.3-0ubuntu0.24.04.1 2024-09-09 15:07:14 UTC

  webkit2gtk (2.44.3-0ubuntu0.24.04.1) noble-security; urgency=medium

  * Update to 2.44.3 to fix security issues.
    - CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782,
      CVE-2024-40789, CVE-2024-4558

 -- Marc Deslauriers <email address hidden> Thu, 05 Sep 2024 09:55:49 -0400

Source diff to previous version
CVE-2024-40776 A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and
CVE-2024-40779 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPa
CVE-2024-40780 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPa
CVE-2024-40782 A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and
CVE-2024-40789 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6
CVE-2024-4558 Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML

Version: 2.44.2-0ubuntu0.24.04.2 2024-06-27 21:07:21 UTC

  webkit2gtk (2.44.2-0ubuntu0.24.04.2) noble; urgency=medium

  * Convert disable-dmabuf-nvidia.patch to disable-dmabuf.patch,
    adding detection for Broadcom to work around corruption and crashes
    occurring in Raspberry Pi X11 sessions. (LP: #2037015, LP: #2062146)

 -- Daniel van Vugt <email address hidden> Tue, 04 Jun 2024 15:34:16 +0800

2037015 Screen corruption of webkit2gtk apps in X11 on Raspberry Pi, such as during install
2062146 Raspberry Pi: webkit2gtk apps crash with SIGSEGV in v3d_load_utile



About   -   Send Feedback to @ubuntu_updates