From: Raspbian automatic forward porter <root@raspbian.org>
Date: Thu, 11 May 2023 22:12:07 +0000 (+0100)
Subject: Merge version 2.38.5-1~deb10u1+rpi1 and 2.38.6-0+deb10u1 to produce 2.38.6-0+deb10u1... 
X-Git-Tag: archive/raspbian/2.38.6-0+deb10u1+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=019dd1bff15c3738f8a11d8a70c2f52e5fd597d3;p=webkit2gtk.git

Merge version 2.38.5-1~deb10u1+rpi1 and 2.38.6-0+deb10u1 to produce 2.38.6-0+deb10u1+rpi1
---

019dd1bff15c3738f8a11d8a70c2f52e5fd597d3
diff --cc debian/changelog
index 4750a51e3e,9f569980f8..ffd7fb4beb
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,10 -1,15 +1,23 @@@
- webkit2gtk (2.38.5-1~deb10u1+rpi1) buster-staging; urgency=medium
++webkit2gtk (2.38.6-0+deb10u1+rpi1) buster-staging; urgency=medium
 +
 +  [changes brought forward from 2.6.2+dfsg1-3+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 25 Jan 2015 02:14:50 +0000]
 +  * Disable javascript JIT as it doesn't appear to be armv6 compatible
 +    (at least I assume that is the cause of the assembler errors)
 +
-  -- Raspbian forward porter <root@raspbian.org>  Thu, 16 Feb 2023 14:38:25 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Thu, 11 May 2023 22:12:05 +0000
++
+ webkit2gtk (2.38.6-0+deb10u1) buster-security; urgency=medium
+ 
+   * New upstream stable update.
+   * CVE-2022-0108: information disclosure via iframes.
+   * CVE-2022-32885: memory corruption leading to arbitrary code execution.
+   * CVE-2023-27932: Same Origin Policy bypass.
+   * CVE-2023-27954: information disclosure.
+   * CVE-2023-28205: arbitrary code execution.
+   * debian/patches/fix-jscast-undeclared-error.patch:
+     - Fix a build issue in JavaScriptCore.
+ 
+  -- Emilio Pozuelo Monfort <pochu@debian.org>  Thu, 11 May 2023 13:12:55 +0200
  
  webkit2gtk (2.38.5-1~deb10u1) buster-security; urgency=high