This update for webkit2gtk3 to version 2.20.5 fixes the following issues:
Security issue fixed:
- CVE-2018-12911: Fix off-by-one in xdg_mime_get_simple_globs
(bsc#1101999).
- CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264,
CVE-2018-4265, CVE-2018-4267, CVE-2018-4272, CVE-2018-4284: Processing
maliciously crafted web content may lead to arbitrary code execution. A
memory corruption issue was addressed with improved memory handling.
- CVE-2018-4266: A malicious website may be able to cause a denial of
service. A race condition was addressed with additional validation.
- CVE-2018-4270, CVE-2018-4271, CVE-2018-4273: Processing maliciously
crafted web content may lead to an unexpected application crash. A
memory corruption issue was addressed with improved input validation.
- CVE-2018-4278: A malicious website may exfiltrate audio data
cross-origin. Sound fetched through audio elements may be exfiltrated
cross-origin. This issue was addressed with improved audio taint
tracking.
Other bugs fixed:
- Fix rendering artifacts in some web sites due to a bug introduced in
2.20.4.
- Fix a crash when leaving accelerated compositing mode.
- Fix non-deterministic build failure due to missing
JavaScriptCore/JSContextRef.h.
This update was imported from the SUSE:SLE-15:Update update project.