webkit2gtk: Multiple vulnerabilities (CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983)
CVE-2020-13584
- Processing maliciously crafted web content may lead to arbitrary code execution.
- An use after free issue was addressed with improved memory management.
- Versions affected: WebKitGTK before 2.30.3 and WPE WebKit before 2.30.3.
CVE-2020-9948
- Processing maliciously crafted web content may lead to arbitrary code execution.
- A type confusion issue was addressed with improved memory handling.
- Versions affected: WebKitGTK before 2.30.0 and WPE WebKit before 2.30.0.
Affects only 3.12
CVE-2020-9951
- Processing maliciously crafted web content may lead to arbitrary code execution.
- An use after free issue was addressed with improved memory management.
- Versions affected: WebKitGTK before 2.30.0 and WPE WebKit before 2.30.0.
Affects only 3.12
CVE-2020-9983
- Processing maliciously crafted web content may lead to code execution.
- An out-of-bounds write issue was addressed with improved bounds checking.
- Versions affected: WebKitGTK before 2.30.3 and WPE WebKit before 2.30.3.
Reference:
https://webkitgtk.org/security/WSA-2020-0008.html
Affected branches:
- master
- 3.12-stable
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information