[webkit-gtk] How to fix CVEs of webkitgtk 2.36.x

不会弹吉他的KK kai.7.kang at gmail.com
Tue Mar 21 20:57:24 PDT 2023

Hi All,

I am working on the Yocto project. In the last LTS Yocto release the
version of webkitgtk is 2.36.8. And there are more than 15 CVE issues
for 2.36.8 till now. I checked the git log and the "WebKitGTK and WPE
WebKit Security Advisory" pages, but I only got info about which CVE
has been fixed in which version of webkitgtk. I can NOT get the exact
info about which commit(s) fixed it. So is there anywhere, or some web
page, to get the specific fix/patch for a CVE?

And the second question: is webkitgtk 2.38.x backward compatible with
2.36.8? I compared the header files between 2.36.8 and 2.38.4, and it
seems no functions were deleted and no interfaces changed for existing
functions; only some functions are marked deprecated and some new
functions added. Does that mean upgrading webkitgtk from 2.36.8 to
2.38.4 will not break applications which depend on it, please?

Thanks a lot.
