"Fix several crashes and rendering issues."

We already know about three CVEs addressed in the WebKit Bugzilla thanks to Apple:

https://support.apple.com/en-us/HT213342
https://support.apple.com/en-us/HT213341

"WebKit
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
An out-of-bounds write issue was addressed with improved input validation.
WebKit Bugzilla: 240720
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative

WebRTC
Available for: macOS Big Sur and macOS Catalina
Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
A memory corruption issue was addressed with improved state management.
WebKit Bugzilla: 242339
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team

WebKit
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD
Impact: Visiting a website that frames malicious content may lead to UI spoofing
The issue was addressed with improved UI handling.
WebKit Bugzilla: 239316
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ."

The WebKit advisory is released, this time only a week after the Apple advisories: https://webkitgtk.org/security/WSA-2022-0007.html
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17cca544e5a7e4bd8d25dedd3b9982a879ee187b

commit 17cca544e5a7e4bd8d25dedd3b9982a879ee187b
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-07-29 02:19:34 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-07-29 02:23:44 +0000

net-libs/webkit-gtk: Version bump to 2.36.5

Bug: https://bugs.gentoo.org/861740
Signed-off-by: Matt Turner <mattst88@gentoo.org>

net-libs/webkit-gtk/Manifest | 1 +
net-libs/webkit-gtk/webkit-gtk-2.36.5.ebuild | 250 +++++++++++++++++++++++++++
2 files changed, 251 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1d278bb93fbf8fdb34ef9c125c5f4536e11c15d7

commit 1d278bb93fbf8fdb34ef9c125c5f4536e11c15d7
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-31 23:54:04 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-31 23:56:59 +0000

[ GLSA 202208-39 ] WebKitGTK+: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/832990
Bug: https://bugs.gentoo.org/833568
Bug: https://bugs.gentoo.org/837305
Bug: https://bugs.gentoo.org/839984
Bug: https://bugs.gentoo.org/845252
Bug: https://bugs.gentoo.org/856445
Bug: https://bugs.gentoo.org/861740
Bug: https://bugs.gentoo.org/864427
Bug: https://bugs.gentoo.org/866494
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202208-39.xml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 74 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30fb91bb7302f3fcc8587a46bfcb330bd530490d

commit 30fb91bb7302f3fcc8587a46bfcb330bd530490d
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-09-13 17:54:56 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-09-13 17:56:02 +0000

net-libs/webkit-gtk: Drop old versions

Bug: https://bugs.gentoo.org/861740
Bug: https://bugs.gentoo.org/864427
Bug: https://bugs.gentoo.org/866494
Signed-off-by: Matt Turner <mattst88@gentoo.org>

net-libs/webkit-gtk/Manifest | 4 -
net-libs/webkit-gtk/files/2.36.5-fix-crash.patch | 82 --------
net-libs/webkit-gtk/metadata.xml | 1 -
net-libs/webkit-gtk/webkit-gtk-2.36.3.ebuild | 249 ----------------------
net-libs/webkit-gtk/webkit-gtk-2.36.4.ebuild | 250 ----------------------
net-libs/webkit-gtk/webkit-gtk-2.36.5-r1.ebuild | 252 -----------------------
net-libs/webkit-gtk/webkit-gtk-2.36.6.ebuild | 250 ----------------------
7 files changed, 1088 deletions(-)

Thanks Matt, all done!