| Summary: | webkit2 security issues fixed upstream (WSA-2017-0003) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, marja11, nicolas.salguero, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | advisory MGA5-64-OK MGA5-32-OK | ||
| Source RPM: | webkit2-2.14.5-1.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2017-04-10 01:05:45 CEST
(In reply to David Walser from comment #0) > Upstream has issued an advisory on April 6: > https://webkitgtk.org/security/WSA-2017-0003.html > > The issues are fixed upstream in 2.14.6 and 2.16.0 (there's also a 2.16.1): > https://webkitgtk.org/2017/04/06/webkitgtk2.14.6-released.html > https://webkitgtk.org/2017/03/20/webkitgtk2.16.0-released.html > https://webkitgtk.org/2017/04/04/webkitgtk2.16.1-released.html Nicolas pushed webkit2-2.14.6-1.mga5 last Friday. Suggested Advisory : This verson contains the following security issues: CVE-2016-9643, CVE-2017-2364, CVE-2017-2367, CVE-2017-2369, CVE-2017-2377, CVE-2017-2392, CVE-2017-2394, CVE-2017-2405, CVE-2017-2419, CVE-2017-2442, CVE-2017-2446, CVE-2017-2454, CVE-2017-2459, CVE-2017-2460, CVE-2017-246[56], CVE-2017-2468, CVE-2017-247[01], CVE-2017-247[56], CVE-2017-2481 https://webkitgtk.org/security/WSA-2017-0003.html RPMS: libjavascriptcore-gir4.0-2.14.6-1.mga5.i586 libjavascriptcoregtk4.0_18-2.14.6-1.mga5.i586 libwebkit2-devel-2.14.6-1.mga5.i586 libwebkit2gtk-gir4.0-2.14.6-1.mga5.i586 libwebkit2gtk4.0_37-2.14.6-1.mga5.i586 webkit2-2.14.6-1.mga5.i586 webkit2-jsc-2.14.6-1.mga5.i586 lib64javascriptcore-gir4.0-2.14.6-1.mga5.x86_64 lib64javascriptcoregtk4.0_18-2.14.6-1.mga5.x86_64 lib64webkit2-devel-2.14.6-1.mga5.x86_64 lib64webkit2gtk-gir4.0-2.14.6-1.mga5.x86_64 lib64webkit2gtk4.0_37-2.14.6-1.mga5.x86_64 webkit2-2.14.6-1.mga5.x86_64 webkit2-jsc-2.14.6-1.mga5.x86_64 Assignee:
nicolas.salguero =>
qa-bugs ouch s/verson contains/version fixes/ :-( Trying again, hopefully good this time: (Please don't hesitate to correct if it isn't good!) Nicolas pushed webkit2-2.14.6-1.mga5 last Friday. Suggested Advisory : This version contains the following security fixes: CVE-2016-9643, CVE-2017-2364, CVE-2017-2367, CVE-2017-2369, CVE-2017-2377, CVE-2017-2392, CVE-2017-2394, CVE-2017-2405, CVE-2017-2419, CVE-2017-2442, CVE-2017-2446, CVE-2017-2454, CVE-2017-2459, CVE-2017-2460, CVE-2017-246[56], CVE-2017-2468, CVE-2017-247[01], CVE-2017-247[56], CVE-2017-2481 https://webkitgtk.org/security/WSA-2017-0003.html RPMS: libjavascriptcore-gir4.0-2.14.6-1.mga5.i586 libjavascriptcoregtk4.0_18-2.14.6-1.mga5.i586 libwebkit2-devel-2.14.6-1.mga5.i586 libwebkit2gtk-gir4.0-2.14.6-1.mga5.i586 libwebkit2gtk4.0_37-2.14.6-1.mga5.i586 webkit2-2.14.6-1.mga5.i586 webkit2-jsc-2.14.6-1.mga5.i586 lib64javascriptcore-gir4.0-2.14.6-1.mga5.x86_64 lib64javascriptcoregtk4.0_18-2.14.6-1.mga5.x86_64 lib64webkit2-devel-2.14.6-1.mga5.x86_64 lib64webkit2gtk-gir4.0-2.14.6-1.mga5.x86_64 lib64webkit2gtk4.0_37-2.14.6-1.mga5.x86_64 webkit2-2.14.6-1.mga5.x86_64 webkit2-jsc-2.14.6-1.mga5.x86_64 Ubuntu has issued an advisory for this on April 10: https://www.ubuntu.com/usn/usn-3257-1/
Dave Hodgins
2017-04-15 00:30:35 CEST
Whiteboard:
(none) =>
advisory Just testing with epiphany running under strace, confirming webkit2 is used. X86_64 ok, testing under i586 shortly. Whiteboard:
advisory =>
advisory MGA5-64-OK i586 ok. Validating the update. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0109.html Status:
NEW =>
RESOLVED |