Ubuntu
webkit2gtk package

Update to bugfix release 2.10.8 in Xenial

Bug #1556973 reported by Amr Ibrahim on 2016-03-14

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	webkit2gtk (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

This is a bug fix release in the stable 2.10 series.
http://webkitgtk.org/2016/03/11/webkitgtk2.10.8-released.html

What’s new in the WebKitGTK+ 2.10.8 release?

- Limit the number of tiles according to the visible area. This was causing a huge memory consumption with some websites.
- Fix flickering and rendering artifacts when entering accelerated compositing mode before the web view is realized.
- Fix rendering of form controls and scrollbars with GTK+ >= 3.19.
- Fix HTTP authentication dialog rendering when accelerated compositing mode is enabled.
- Fix rendering artifacts when using a web view background color.
- Fix a crash when creating a WebKitWebView without providing a WebKitWebContext.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2016-1726.

See original description

Tags:

CVE References

2016-1726

Amr Ibrahim (amribrahim1987) on 2016-03-14

information type:	Private Security → Public Security
description:	updated

Revision history for this message

Michael Catanzaro (mike-catanzaro) wrote on 2016-03-14:

#1

Thanks for proposing this update. In general, I strongly recommend updating all supported releases, not just Xenial. See http://webkitgtk.org/security.html for details.

2.10.8 fixes a serious bug that crashes GPU drivers, a source of many complaints from users, so it's an important update. Unfortunately this fix introduced a regression affecting Twitter, so I recommend skipping this particular update to wait for a fix. See https://bugs.webkit.org/show_bug.cgi?id=155426

Revision history for this message

Amr Ibrahim (amribrahim1987) wrote on 2016-03-15:

#2

Iain, I see that 2.10.8-1ubuntu1 is in proposed now. But why is it built with GeoClue 1, while we have GeoClue 2 in main? https://launchpad.net/ubuntu/+source/geoclue-2.0

Revision history for this message

Amr Ibrahim (amribrahim1987) wrote on 2016-03-15:

#3

I also filed Bug #1556964 to update webkitgtk to 2.4.10 in Trusty.

Revision history for this message

Iain Lane (laney) wrote on 2016-03-15: Re: [Bug 1556973] Re: Update to bugfix release 2.10.8 in Xenial

#4

On Tue, Mar 15, 2016 at 12:55:22PM -0000, Amr Ibrahim wrote:
> Iain, I see that 2.10.8-1ubuntu1 is in proposed now. But why is it built
> with GeoClue 1, while we have GeoClue 2 in main?
> https://launchpad.net/ubuntu/+source/geoclue-2.0

We don't have geoclue-2.0 on Ubuntu desktop.

--
Iain Lane [ <email address hidden> ]
Debian Developer [ <email address hidden> ]
Ubuntu Developer [ <email address hidden> ]

Revision history for this message

Steve Beattie (sbeattie) wrote on 2016-03-16:

#5

webkit2gtk 2.10.8-1ubuntu1 migrated from xenial-proposed to xenial, closing.

Changed in webkit2gtk (Ubuntu):
status:	New → Fix Released

Revision history for this message

Michael Catanzaro (mike-catanzaro) wrote on 2016-03-25:

#6

Hi,

As I mentioned above, 2.10.8 is a known-bad release. It turns out that it broke many sites, not just Twitter. You really do not want to ship with this; you should upgrade to 2.10.9.

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2016-03-25:

#7

We have (2.10.9-1ubuntu1) now in xenial.

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

auto-bugs.webkit.org #155426
[RESOLVED FIXED] Edit

Bug watches keep track of this bug in other bug trackers.