UbuntuUpdates.org

Package "webkit2gtk"

Name: webkit2gtk

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • JavaScript engine library from WebKitGTK - GObject introspection data
  • JavaScript engine library from WebKitGTK - GObject introspection data
  • Web content engine library for GTK - GObject introspection data
  • Web content engine library for GTK - GObject introspection data
Latest version: 2.50.4-0ubuntu0.25.10.1
Release: questing (25.10)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "webkit2gtk" in Questing

Repository Area Version
base main 2.48.6-1ubuntu2
base universe 2.48.6-1ubuntu2
security universe 2.50.4-0ubuntu0.25.10.1
updates main 2.50.4-0ubuntu0.25.10.1
updates universe 2.50.4-0ubuntu0.25.10.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.50.4-0ubuntu0.25.10.1 2026-01-13 18:07:51 UTC

  webkit2gtk (2.50.4-0ubuntu0.25.10.1) questing-security; urgency=medium

  * Update to 2.50.4 to fix security issues.
    - CVE-2025-14174, CVE-2025-43501, CVE-2025-43529, CVE-2025-43531,
      CVE-2025-43535, CVE-2025-43536, CVE-2025-43541

 -- Marc Deslauriers <email address hidden> Tue, 06 Jan 2026 08:15:42 -0500
Source diff to previous version
CVE-2025-14174 Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access
CVE-2025-43501 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and i
CVE-2025-43529 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3,
CVE-2025-43531 A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2
CVE-2025-43535 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, ma
CVE-2025-43536 A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2,
CVE-2025-43541 A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPa

Version: 2.50.3-0ubuntu0.25.10.1 2026-01-05 16:10:35 UTC

  webkit2gtk (2.50.3-0ubuntu0.25.10.1) questing-security; urgency=medium

  * Update to 2.50.3 to fix security issues.
    - Dropped patches no longer needed:
      + debian/patches/fix-link-error.patch
      + debian/patches/fix-crash.patch
    - CVE-2025-13947
    - CVE-2025-43421
    - CVE-2025-43458
    - CVE-2025-66287

 -- Marc Deslauriers <email address hidden> Tue, 09 Dec 2025 08:33:40 -0500
Source diff to previous version
CVE-2025-13947 A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted
CVE-2025-43421 Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.
CVE-2025-43458 This issue was addressed through improved state management. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.
CVE-2025-66287 A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.

Version: 2.50.2-0ubuntu0.25.10.2 2025-12-09 18:32:45 UTC

  webkit2gtk (2.50.2-0ubuntu0.25.10.2) questing-security; urgency=medium

  * Update to 2.50.2 to fix security issues.
    - Add patches from resolute package:
      + debian/patches/fix-link-error.patch:
      + debian/patches/fix-crash.patch:
    - CVE-2025-43392, CVE-2025-43425, CVE-2025-43427, CVE-2025-43429,
      CVE-2025-43430, CVE-2025-43431, CVE-2025-43432, CVE-2025-43434,
      CVE-2025-43440, CVE-2025-43443

 -- Marc Deslauriers <email address hidden> Mon, 01 Dec 2025 07:32:52 -0500
Source diff to previous version
CVE-2025-43392 The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. A website may exfiltrate image data cr
CVE-2025-43425 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvO
CVE-2025-43427 This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, Safari 26.1, visionOS 26.1. P
CVE-2025-43429 A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted we
CVE-2025-43430 This issue was addressed through improved state management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1
CVE-2025-43431 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web conten
CVE-2025-43432 A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and i
CVE-2025-43434 A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously cra
CVE-2025-43440 This issue was addressed with improved checks This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. P
CVE-2025-43443 This issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may le

Version: 2.50.1-0ubuntu0.25.10.1 2025-11-27 19:55:46 UTC

  webkit2gtk (2.50.1-0ubuntu0.25.10.1) questing-security; urgency=medium

  * Update to 2.50.1 to fix security issues.
    - CVE-2025-43343
  * debian/patches, debian/source/lintian-overrides, debian/copyright,
    debian/gbp.conf, debian/*symbols: sync with resolute package.

 -- Marc Deslauriers <email address hidden> Wed, 29 Oct 2025 09:40:19 -0400
Source diff to previous version
CVE-2025-43343 The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Proc

Version: 2.50.0-2ubuntu1.1 2025-11-04 11:08:30 UTC

  webkit2gtk (2.50.0-2ubuntu1.1) questing-security; urgency=medium

  * No-change rebuild to get missing amd64v3 build.

 -- Marc Deslauriers <email address hidden> Mon, 03 Nov 2025 17:24:41 +0100


About   -   Send Feedback to @ubuntu_updates