{"affected":[{"ecosystem_specific":{"binaries":[{"libjavascriptcoregtk-4_0-18":"2.28.2-lp151.2.18.1","libjavascriptcoregtk-4_0-18-32bit":"2.28.2-lp151.2.18.1","libwebkit2gtk-4_0-37":"2.28.2-lp151.2.18.1","libwebkit2gtk-4_0-37-32bit":"2.28.2-lp151.2.18.1","libwebkit2gtk3-lang":"2.28.2-lp151.2.18.1","typelib-1_0-JavaScriptCore-4_0":"2.28.2-lp151.2.18.1","typelib-1_0-WebKit2-4_0":"2.28.2-lp151.2.18.1","typelib-1_0-WebKit2WebExtension-4_0":"2.28.2-lp151.2.18.1","webkit-jsc-4":"2.28.2-lp151.2.18.1","webkit2gtk-4_0-injected-bundles":"2.28.2-lp151.2.18.1","webkit2gtk3-devel":"2.28.2-lp151.2.18.1","webkit2gtk3-minibrowser":"2.28.2-lp151.2.18.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"webkit2gtk3","purl":"pkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.28.2-lp151.2.18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for webkit2gtk3 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2020-3899: Fixed a memory consumption issue that could have led to remote code execution (bsc#1170643).\n\nNon-security issues fixed:\n\n- Update to version 2.28.2 (bsc#1170643):\n  + Fix excessive CPU usage due to GdkFrameClock not being stopped.\n  + Fix UI process crash when EGL_WL_bind_wayland_display extension\n    is not available.\n  + Fix position of select popup menus in X11.\n  + Fix playing of Youtube 'live stream'/H264 URLs.\n  + Fix a crash under X11 when cairo uses xcb.\n  + Fix several crashes and rendering issues.\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2020:0646-1","modified":"2020-05-10T18:17:16Z","published":"2020-05-10T18:17:16Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WGCT2IKPMMBWAIPGXTCQMWSCAIVC5NV5/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1170643"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-3899"}],"related":["CVE-2020-3899"],"summary":"Security update for webkit2gtk3","upstream":["CVE-2020-3899"]}