From 48ba279287e544f77fb908c80e169ff9ea6e4148 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 23 Nov 2020 18:46:04 +0100 Subject: [PATCH] webkitgtk: 2.30.2 -> 2.30.3 Fixes processing of malicousliy crafted web content which could lead to - CVE-2020-13584: arbitrary code execution due to a use after free issue - CVE-2020-9983: code execution due to an out-of-bounds write issue Advisory at https://webkitgtk.org/security/WSA-2020-0008.html Fixes: CVE-2090-13584, CVE-2020-9983 --- pkgs/development/libraries/webkitgtk/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/webkitgtk/default.nix b/pkgs/development/libraries/webkitgtk/default.nix index 8d52e8703a94a9..a3412e1b0b7202 100644 --- a/pkgs/development/libraries/webkitgtk/default.nix +++ b/pkgs/development/libraries/webkitgtk/default.nix @@ -59,7 +59,7 @@ with stdenv.lib; stdenv.mkDerivation rec { pname = "webkitgtk"; - version = "2.30.2"; + version = "2.30.3"; outputs = [ "out" "dev" ]; @@ -67,7 +67,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://webkitgtk.org/releases/${pname}-${version}.tar.xz"; - sha256 = "0ak8slddg7gpk6m096xzkiqw9bfsrrizvqr815bw44665fyf0ry4"; + sha256 = "0zsy3say94d9bhaan0l6mfr59z03a5x4kngyy8b2i20n77q19skd"; }; patches = optionals stdenv.isLinux [