[Buildroot] [PATCH 4/4] package/wpewebkit: security bump to version 2.26.4

Peter Korsgaard peter at korsgaard.com
Sun Feb 16 11:55:48 UTC 2020


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > - CVE-2020-3862: Impact: A malicious website may be able to cause a denial
 >   of service.  Description: A denial of service issue was addressed with
 >   improved memory handling.

 > - CVE-2020-3864: Impact: A DOM object context may not have had a unique
 >   security origin.  Description: A logic issue was addressed with improved
 >   validation.

 > - CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
 >   been considered secure.  Description: A logic issue was addressed with
 >   improved validation.

 > - CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
 >   to universal cross site scripting.  Description: A logic issue was
 >   addressed with improved state management.

 > - CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
 >   to arbitrary code execution.  Description: Multiple memory corruption
 >   issues were addressed with improved memory handling.

 > For more details, see the advisory:
 > https://wpewebkit.org/security/WSA-2020-0002.html

 > While we are at it, adjust the white space in the .hash function to match
 > the new agreements.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list