[Buildroot] [PATCH 2/4] package/webkitgtk: security bump to version 2.26.4
Peter Korsgaard
peter at korsgaard.com
Sun Feb 16 11:55:54 UTC 2020
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2020-3862: Impact: A malicious website may be able to cause a denial
> of service. Description: A denial of service issue was addressed with
> improved memory handling.
> - CVE-2020-3864: Impact: A DOM object context may not have had a unique
> security origin. Description: A logic issue was addressed with improved
> validation.
> - CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
> been considered secure. Description: A logic issue was addressed with
> improved validation.
> - CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
> to universal cross site scripting. Description: A logic issue was
> addressed with improved state management.
> - CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
> to arbitrary code execution. Description: Multiple memory corruption
> issues were addressed with improved memory handling.
> For more details, see the advisory:
> https://webkitgtk.org/security/WSA-2020-0002.html
> While we are at it, adjust the white space in the .hash function to match
> the new agreements.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list