* [Buildroot] [PATCH] package/wpewebkit: security bump to version 2.22.5
@ 2019-04-14 18:57 Peter Korsgaard
2019-04-15 19:40 ` Thomas Petazzoni
0 siblings, 1 reply; 2+ messages in thread
From: Peter Korsgaard @ 2019-04-14 18:57 UTC (permalink / raw)
To: buildroot
Fixes the following security issues:
- CVE-2019-8518: Processing maliciously crafted web content may lead to
arbitrary code execution. Multiple memory corruption issues were
addressed with improved memory handling.
- CVE-2019-8523: Processing maliciously crafted web content may lead to
arbitrary code execution. Multiple memory corruption issues were
addressed with improved memory handling.
In addition, 2.22.5 contains a number of bugfixes. From the announcement:
- Fix rendering of glyphs in Hebrew (and possibly other languages) when
Unicode NFC normalization is used.
- Fix several crashes and race conditions.
Change SITE to https as the webserver uses HSTS.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/wpewebkit/wpewebkit.hash | 8 ++++----
package/wpewebkit/wpewebkit.mk | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/wpewebkit/wpewebkit.hash b/package/wpewebkit/wpewebkit.hash
index 27c6cdf33e..cbf253d29c 100644
--- a/package/wpewebkit/wpewebkit.hash
+++ b/package/wpewebkit/wpewebkit.hash
@@ -1,7 +1,7 @@
-# From https://wpewebkit.org/releases/wpewebkit-2.22.4.tar.xz.sums
-md5 6e5c668473c57906bdec1c641bac4579 wpewebkit-2.22.4.tar.xz
-sha1 002b8b25f4fc26bfef68767b3ff1eba1aac53fa5 wpewebkit-2.22.4.tar.xz
-sha256 871e86b7e989de0c1224ac7ab8ed6d8b52756cf793a8c253b56ab8ba8d288c96 wpewebkit-2.22.4.tar.xz
+# From https://wpewebkit.org/releases/wpewebkit-2.22.5.tar.xz.sums
+md5 7b768bfae1295ebbc9a9038bf8fb6e6c wpewebkit-2.22.5.tar.xz
+sha1 c85f927e0f17f1e7045a5d33c683d310c7af24de wpewebkit-2.22.5.tar.xz
+sha256 d5e7b23e4f9e9f1b9d369faa4d527cdb59aef56b3e6a50a16dad243df5f699f3 wpewebkit-2.22.5.tar.xz
# Hashes for license files:
sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
diff --git a/package/wpewebkit/wpewebkit.mk b/package/wpewebkit/wpewebkit.mk
index 89df9b725c..73ad534acd 100644
--- a/package/wpewebkit/wpewebkit.mk
+++ b/package/wpewebkit/wpewebkit.mk
@@ -4,7 +4,7 @@
#
################################################################################
-WPEWEBKIT_VERSION = 2.22.4
+WPEWEBKIT_VERSION = 2.22.5
WPEWEBKIT_SITE = http://www.wpewebkit.org/releases
WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz
WPEWEBKIT_INSTALL_STAGING = YES
--
2.11.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCH] package/wpewebkit: security bump to version 2.22.5
2019-04-14 18:57 [Buildroot] [PATCH] package/wpewebkit: security bump to version 2.22.5 Peter Korsgaard
@ 2019-04-15 19:40 ` Thomas Petazzoni
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2019-04-15 19:40 UTC (permalink / raw)
To: buildroot
On Sun, 14 Apr 2019 20:57:36 +0200
Peter Korsgaard <peter@korsgaard.com> wrote:
> Fixes the following security issues:
>
> - CVE-2019-8518: Processing maliciously crafted web content may lead to
> arbitrary code execution. Multiple memory corruption issues were
> addressed with improved memory handling.
>
> - CVE-2019-8523: Processing maliciously crafted web content may lead to
> arbitrary code execution. Multiple memory corruption issues were
> addressed with improved memory handling.
>
> In addition, 2.22.5 contains a number of bugfixes. From the announcement:
>
> - Fix rendering of glyphs in Hebrew (and possibly other languages) when
> Unicode NFC normalization is used.
> - Fix several crashes and race conditions.
>
> Change SITE to https as the webserver uses HSTS.
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
> package/wpewebkit/wpewebkit.hash | 8 ++++----
> package/wpewebkit/wpewebkit.mk | 2 +-
> 2 files changed, 5 insertions(+), 5 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-04-15 19:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-14 18:57 [Buildroot] [PATCH] package/wpewebkit: security bump to version 2.22.5 Peter Korsgaard
2019-04-15 19:40 ` Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.