Hi MIchael, Would you like to share the fix commit of CVE-2023-23529, please? It is handled by https://bugs.webkit.org/show_bug.cgi?id=251944 which is still not pulibc.
Sorry for duplicate email that previous is rejected by maillist. Thanks, Kai On Wed, May 31, 2023 at 10:17 PM Michael Catanzaro <mcatanz...@redhat.com> wrote: > > Hi, the bugs are private. I can give you the mappings between bug ID > and fix commit, though: > > 248266 - https://commits.webkit.org/258113@main > 245521 - https://commits.webkit.org/256215@main > 245466 - https://commits.webkit.org/255368@main > 247420 - https://commits.webkit.org/256519@main > 246669 - https://commits.webkit.org/255960@main > 248615 - https://commits.webkit.org/262352@main > 250837 - https://commits.webkit.org/260006@main > > That said, I don't generally recommend backporting fixes yourself > because (a) it can become pretty difficult as time goes on, and (b) > only a tiny fraction of security fixes receive CVE identifiers (maybe > around 5%). So I highly recommend upgrading to WebKitGTK 2.40.2. > WebKitGTK maintains API and ABI stability to the greatest extent > possible in order to encourage safe updates. > > Michael > > > _______________________________________________ > webkit-gtk mailing list > webkit-gtk@lists.webkit.org > https://lists.webkit.org/mailman/listinfo/webkit-gtk >
_______________________________________________ webkit-gtk mailing list webkit-gtk@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-gtk