search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: aa9fde1) | patch
webkitgtk: security bump to version 2.12.4
commitd50477b52bf71a9cd03b9e2de38c775d82cea0ec
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Sun, 28 Aug 2016 13:11:39 +0000 (28 10:11 -0300)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Sun, 28 Aug 2016 13:50:33 +0000 (28 15:50 +0200)
tree2c816e696ee7e59a7313957a958a3f8cb4ae5cdftree | snapshot (tar.gz zip)
parentaa9fde1c459dbc20b268694eafd7a1d3341dbf76commit | diff
webkitgtk: security bump to version 2.12.4

Fixes:
CVE-2016-4590 - mishandles about: URLs, which allows remote attackers to
bypass the Same Origin Policy via a crafted web site.

CVE-2016-4591 - mishandles the location variable, which allows remote
attackers to access the local filesystem via unspecified vectors.

CVE-2016-4622 - allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via a crafted web site, a
different vulnerability than CVE-2016-4589, CVE-2016-4623, and
CVE-2016-4624.

CVE-2016-4624 - allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption) via a crafted web site, a
different vulnerability than CVE-2016-4589, CVE-2016-4622, and
CVE-2016-4623.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/webkitgtk/webkitgtk.hash diff | blob | blame | history
package/webkitgtk/webkitgtk.mk diff | blob | blame | history
My buildroot patches