WebKitGTK 2.34.4 fixes "Safari leaks" vulnerability

Hi distributors,

WebKitGTK 2.34.4 is now available. As with most WebKitGTK releases, this release fixes numerous security issues, including an especially severe issue that allowed websites to read the names of IndexedDB databases created by other websites. This is very easy to exploit and allows any website to see sensitive private information, such as your Google account identifier. It’s also possible to determine whether the user is browsing certain websites in other tabs, depending on how those websites use IndexedDB. Needless to say, this is very bad, and you are urged to update to WebKitGTK 2.34.4 ASAP to protect your users.

The “Safari leaks” vulnerability affects WebKitGTK 2.34.0 through 2.34.3.

For development distros currently shipping WebKitGTK 2.35.1, use this patch. (Thank you for testing development versions of WebKitGTK!)

It seems webkitgtk.org is experiencing infrastructure difficulties. Bad timing.

And we’re back!

(Why must this post be at least 20 characters…)

You do realise that you can edit your own posts, right? This would avoid having to deal with the minimum length.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.