Bug 1082221 - VUL-0: webkit2gtk3: various issues fixed with 2.10.7
VUL-0: webkit2gtk3: various issues fixed with 2.10.7
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P5 - None : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2018-02-22 07:32 UTC by Marcus Meissner
Modified: 2018-02-22 07:33 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-02-22 07:32:56 UTC

backwards tracking only of CVEs.

This update for webkit2gtk3 fixes the following issues:

- Update to version 2.10.7:
+ Fix the build with GTK+ < 3.16.
- Changes from version 2.10.6:
+ Fix a deadlock in the Web Process when JavaScript garbage collector
was running for a web worker thread that made google maps to hang.
+ Fix media controls displaying without controls attribute.
+ Fix a Web Process crash when quickly attempting many DnD
- Changes from version 2.10.5:
+ Disable DNS prefetch when a proxy is configured.
+ Reduce the maximum simultaneous network connections to match
other browsers.
+ Make WebKitWebView always propagate motion-notify-event signal.
+ Add a way to force accelerating compositing mode at runtime using an
environment variable.
+ Fix input elements and scrollbars rendering with GTK+ 3.19.
+ Fix rendering of lines when using solid colors.
+ Fix UI process crashes related to not having a main resource response
when the load is committed for pages restored from the history cache.
+ Fix a WebProcess crash when loading large contents with custom URI
schemes API.
+ Fix a crash in the UI process when the WebView is destroyed while the
screensaver DBus proxy is being created.
+ Fix WebProcess crashes due to BadDrawable X errors in accelerated
compositing mode.
+ Fix crashes on PPC64 due to mprotect() on address not aligned to the
page size.
+ Fix std::bad_function_call exception raised in
+ Fix downloads of data URLs.
+ Fix runtime critical warnings when closing a page containing windowed
+ Fix several crashes and rendering issues.
+ Translation updates: French, German, Italian, Turkish.
+ Security fixes: CVE-2015-7096, CVE-2015-7098.
- Update to version 2.10.4, notable changes:
+ New HTTP disk cache for the Network Process.
+ New Web Inspector UI.
+ Automatic ScreenServer inhibition when playing fullscreen videos.
+ Initial Editor API.
+ Performance improvements.
- This update addresses the following security issues: CVE-2015-1122,
CVE-2015-1152, CVE-2015-1155, CVE-2015-3660, CVE-2015-3730,
CVE-2015-3738, CVE-2015-3740, CVE-2015-3742, CVE-2015-3744,
CVE-2015-3746, CVE-2015-3750, CVE-2015-3751, CVE-2015-3754,
CVE-2015-3755, CVE-2015-5804, CVE-2015-5805, CVE-2015-5807,
CVE-2015-5810, CVE-2015-5813, CVE-2015-5814, CVE-2015-5815,
CVE-2015-5817, CVE-2015-5818, CVE-2015-5825, CVE-2015-5827,
CVE-2015-5828, CVE-2015-5929, CVE-2015-5930, CVE-2015-5931,
CVE-2015-7002, CVE-2015-7013, CVE-2015-7014, CVE-2015-7048,
CVE-2015-7095, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100,
CVE-2015-7102, CVE-2015-7103, CVE-2015-7104
- Add BuildRequires: hyphen-devel to pick up hyphenation support. Note
this is broken upstream.
-DENABLE_INDEXED_DATABASE=OFF to avoid an issue with GCC 4.8.
Comment 1 Marcus Meissner 2018-02-22 07:33:13 UTC
was fixed already