[Webkit-unassigned] [Bug 281138] webkitgtk-2.46.3 fails to build on riscv64 (JSC, llint)

bugzilla-daemon at webkit.org
Thu Oct 31 12:37:58 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=281138

Michael Orlitzky <michael at orlitzky.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|webkitgtk-2.46.2 fails to   |webkitgtk-2.46.3 fails to
                   |build on riscv64 (JSC,      |build on riscv64 (JSC,
                   |llint)                      |llint)

--- Comment #1 from Michael Orlitzky <michael at orlitzky.com> ---
Same thing in 2.46.3. There are now six public CVEs against the last version that does build:

CVE-2024-40857
  Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
  Credit to Ron Masas.
  Impact: Processing maliciously crafted web content may lead to
  universal cross site scripting. Description: This issue was
  addressed through improved state management.
  WebKit Bugzilla: 268724

CVE-2024-40866
  Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
  Credit to Hafiizh and YoKo Kho (@yokoacc) of HakTrak.
  Impact: Visiting a malicious website may lead to address bar
  spoofing. Description: The issue was addressed with improved UI.
  WebKit Bugzilla: 279451

CVE-2024-44187
  Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
  Credit to Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd,
  Pune (India).
  Impact: A malicious website may exfiltrate data cross-origin.
  Description: A cross-origin issue existed with "iframe" elements.
  This was addressed with improved tracking of security origins.
  WebKit Bugzilla: 279452

CVE-2024-44185
  Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
  Credit to Gary Kwong.
  Impact: Processing maliciously crafted web content may lead to an unexpected
  process crash. Description: The issue was addressed with improved checks.
  WebKit Bugzilla: 276097

CVE-2024-44244
  Versions affected: WebKitGTK and WPE WebKit before 2.46.3.
  Credit to an anonymous researcher, Q1IQ (@q1iqF) and P1umer (@p1umer).
  Impact: Processing maliciously crafted web content may lead to an unexpected process crash.
  Description: A memory corruption issue was addressed with improved input validation.
  WebKit Bugzilla: 279780


CVE-2024-44296
  Versions affected: WebKitGTK and WPE WebKit before 2.46.3.
  Credit to Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India).
  Impact: Processing maliciously crafted web content may prevent Content Security Policy from
  being enforced. Description: The issue was addressed with improved checks.
  WebKit Bugzilla: 278765
