package/wpewebkit: security bump to version 2.26.4
Fixes the following security issues:
- CVE-2020-3862: Impact: A malicious website may be able to cause a denial
of service. Description: A denial of service issue was addressed with
improved memory handling.
- CVE-2020-3864: Impact: A DOM object context may not have had a unique
security origin. Description: A logic issue was addressed with improved
validation.
- CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
been considered secure. Description: A logic issue was addressed with
improved validation.
- CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
to universal cross site scripting. Description: A logic issue was
addressed with improved state management.
- CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
to arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
For more details, see the advisory:
https://wpewebkit.org/security/WSA-2020-0002.html
While we are at it, adjust the white space in the .hash function to match
the new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
projects / buildroot.git / commit