Version in base suite: 2.26.3-1~deb10u1
Version in overlay suite: 2.26.4-1~deb10u2

Base version: webkit2gtk_2.26.4-1~deb10u2
Target version: webkit2gtk_2.26.4-1~deb10u3
Base file: /srv/ftp-master.debian.org/ftp/pool/main/w/webkit2gtk/webkit2gtk_2.26.4-1~deb10u2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/w/webkit2gtk/webkit2gtk_2.26.4-1~deb10u3.dsc

 changelog                        |    7 +++++++
 patches/cve-2020-11793-fix.patch |   23 +++++++++++++++++++++++
 patches/series                   |    1 +
 3 files changed, 31 insertions(+)

diff -Nru webkit2gtk-2.26.4/debian/changelog webkit2gtk-2.26.4/debian/changelog
--- webkit2gtk-2.26.4/debian/changelog	2020-03-16 14:25:01.000000000 +0000
+++ webkit2gtk-2.26.4/debian/changelog	2020-04-16 16:37:24.000000000 +0000
@@ -1,3 +1,10 @@
+webkit2gtk (2.26.4-1~deb10u3) buster-security; urgency=medium
+
+  * debian/patches/cve-2020-11793-fix.patch:
+    + Cherry-pick fix for CVE-2020-11793.
+
+ -- Alberto Garcia <berto@igalia.com>  Thu, 16 Apr 2020 18:37:24 +0200
+
 webkit2gtk (2.26.4-1~deb10u2) buster-security; urgency=medium
 
   * debian/patches/cve-2020-10018-fix.patch:
diff -Nru webkit2gtk-2.26.4/debian/patches/cve-2020-11793-fix.patch webkit2gtk-2.26.4/debian/patches/cve-2020-11793-fix.patch
--- webkit2gtk-2.26.4/debian/patches/cve-2020-11793-fix.patch	1970-01-01 00:00:00.000000000 +0000
+++ webkit2gtk-2.26.4/debian/patches/cve-2020-11793-fix.patch	2020-04-16 16:37:24.000000000 +0000
@@ -0,0 +1,23 @@
+From: ChangSeok Oh <changseok@webkit.org>
+Subject: Fix CVE-2020-11793
+Origin: https://trac.webkit.org/changeset/258532/webkit
+Index: webkitgtk/Source/WebCore/html/HTMLTextAreaElement.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/html/HTMLTextAreaElement.cpp
++++ webkitgtk/Source/WebCore/html/HTMLTextAreaElement.cpp
+@@ -284,13 +284,14 @@ void HTMLTextAreaElement::defaultEventHa
+ 
+ void HTMLTextAreaElement::subtreeHasChanged()
+ {
+-    setChangedSinceLastFormControlChangeEvent(true);
+     setFormControlValueMatchesRenderer(false);
+     updateValidity();
+ 
+     if (!focused())
+         return;
+ 
++    setChangedSinceLastFormControlChangeEvent(true);
++
+     if (RefPtr<Frame> frame = document().frame())
+         frame->editor().textDidChangeInTextArea(this);
+     // When typing in a textarea, childrenChanged is not called, so we need to force the directionality check.
diff -Nru webkit2gtk-2.26.4/debian/patches/series webkit2gtk-2.26.4/debian/patches/series
--- webkit2gtk-2.26.4/debian/patches/series	2020-03-16 14:25:01.000000000 +0000
+++ webkit2gtk-2.26.4/debian/patches/series	2020-04-16 16:37:24.000000000 +0000
@@ -11,3 +11,4 @@
 reduce-memory-overheads.patch
 force-single-process.patch
 cve-2020-10018-fix.patch
+cve-2020-11793-fix.patch