"Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2022-22620 Versions affected: WebKitGTK and WPE WebKit before 2.34.6. Credit to an anonymous researcher. Impact: processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management." Please bump to 2.34.6.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f103767bfcbc3d7e664111ddb822ffea35975b35 commit f103767bfcbc3d7e664111ddb822ffea35975b35 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2022-02-18 03:41:25 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2022-02-18 03:44:15 +0000 net-libs/webkit-gtk: Version bump to 2.34.6 Bug: https://bugs.gentoo.org/833568 Signed-off-by: Matt Turner <mattst88@gentoo.org> net-libs/webkit-gtk/Manifest | 1 + net-libs/webkit-gtk/webkit-gtk-2.34.6.ebuild | 272 +++++++++++++++++++++++++++ 2 files changed, 273 insertions(+)
Thanks! Please stable when ready!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4249de5dfd23a1ba0ec24efea124ce21a45b97e7 commit 4249de5dfd23a1ba0ec24efea124ce21a45b97e7 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2022-04-20 02:32:49 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2022-04-20 02:33:09 +0000 net-libs/webkit-gtk: Drop old versions Bug: https://bugs.gentoo.org/833568 Signed-off-by: Matt Turner <mattst88@gentoo.org> net-libs/webkit-gtk/Manifest | 1 - .../files/2.34.3-opengl-without-X-fixes.patch | 46 ---- net-libs/webkit-gtk/webkit-gtk-2.34.5.ebuild | 273 --------------------- 3 files changed, 320 deletions(-)
Thanks Matt!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=1d278bb93fbf8fdb34ef9c125c5f4536e11c15d7 commit 1d278bb93fbf8fdb34ef9c125c5f4536e11c15d7 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-31 23:54:04 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-31 23:56:59 +0000 [ GLSA 202208-39 ] WebKitGTK+: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/832990 Bug: https://bugs.gentoo.org/833568 Bug: https://bugs.gentoo.org/837305 Bug: https://bugs.gentoo.org/839984 Bug: https://bugs.gentoo.org/845252 Bug: https://bugs.gentoo.org/856445 Bug: https://bugs.gentoo.org/861740 Bug: https://bugs.gentoo.org/864427 Bug: https://bugs.gentoo.org/866494 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-39.xml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+)
