Update to WebKitGTK 2.28.1: * Fix position of default option element popup windows under Wayland. * Fix rendering after a cross site navigation with PSON enabled and hardware acceleration forced. * Fix a crash in nested wayland compositor when closing a tab with PSON enabled. * Update Chrome and Firefox versions in user agent quirks. * Fix several crashes and rendering issues. *
Archive for April 25th, 2020
Security fix for CVE-2020-5260 From the upstream [release notes](https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.5.txt): > With a crafted URL that contains a newline or empty host, or lacks > a scheme, the credential helper machinery can be fooled into > providing credential information that is not appropriate for the > protocol in use and host being
It was discovered that python-reportlab, a Python library to create PDF documents, is prone to a code injection vulnerability while parsing a color attribute. An attacker can take advantage of this flaw to execute arbitrary code if a specially crafted document is processed.