AVG-2789 log
| Package | wpewebkit |
| Status | Fixed |
| Severity | Critical |
| Type | multiple issues |
| Affected | 2.36.4-2 |
| Fixed | 2.36.5-1 |
| Current | 2.46.3-1 [extra] |
| Ticket | None |
| Created | Thu Jul 28 21:15:49 2022 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-32816 | High | Yes | Content spoofing | Visiting a website that frames malicious content may lead to UI spoofing. |
| CVE-2022-32792 | Critical | Yes | Arbitrary code execution | Processing maliciously crafted web content may lead to arbitrary code execution. |
| References |
|---|
https://webkitgtk.org/security/WSA-2022-0007.html |
| Notes |
|---|
Our WebKit2GTK and WPE WebKit versions are not affected by the 'CVE-2022-2294' vulnerability because our packages are not built using the 'USE_LIBWEBRTC' CMake option. |