security update in Fedora 30 for webkit2gtk3

Status: stable 6 months ago
  • Do not allow changes in active URI before provisional load starts for non-API requests.
  • Stop the threaded compositor when the page is not visible or layer tree state is frozen.
  • Use WebKit HTTP source element again for adaptive streaming fragments downloading.
  • Properly handle empty resources in webkit_web_resource_get_data().
  • Add quirk to ensure outlook.live.com uses the modern UI.
  • Fix methods returing GObject or boxed types in JavaScriptCore GLib API.
  • Ensure callback data is passed to functions and constructors with no parameters in JavaScriptCore GLib API.
  • Fix rendering of complex text when the font uses x,y origins.
  • Fix sound loop with Google Hangouts and WhatsApp notifications.
  • Fix the build with GStreamer 1.12.5 and GST GL enabled.
  • Detect SSE2 at compile time.
  • Fix several crashes and rendering issues.
  • Security fixes: CVE-2019-6251, CVE-2019-11070.

Logout Required

After installing this update it is required that you logout of your current user session and log back in to ensure the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --advisory=FEDORA-2019-d9a15be3ba

Comments 12

This update has been submitted for testing by erack.

This update has been pushed to testing.

This update has been submitted for batched by bodhi.

Bodhi is unable to request this update for stabilization: unable to obtain a session

catanzaro edited this update.

catanzaro edited this update.

This update has been submitted for stable by bodhi.

erack edited this update.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
Test Gating
Submitted by
Update Type
Update Severity
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Autopush (time)
submitted 6 months ago
in testing 6 months ago
in stable 6 months ago
modified 6 months ago

Related Bugs 2

00 #1667409 CVE-2019-6251 epiphany: Improper input validation in embed/ephy-web-view.c
00 #1667410 CVE-2019-6251 epiphany: vulnerable to URL spoofing attack [fedora-all]

Automated Test Results