| Summary: | webkit2 security issues fixed upstream (WSA-2021-0001) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | herman.viaene, luigiwalser, mageia, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO MGA8-64-OK MGA7-64-OK | ||
| Source RPM: | webkit2-2.30.4-1.mga8.src.rpm | CVE: | CVE-2020-13558 |
| Status comment: | |||
|
Description
Nicolas Salguero
2021-02-17 16:12:38 CET
Nicolas Salguero
2021-02-17 16:13:01 CET
Whiteboard:
(none) =>
MGA7TOO
David Walser
2021-02-17 16:41:16 CET
Whiteboard:
MGA7TOO =>
MGA7TOO, MGA8TOO Assigning this to you, Nicolas, as you did the last two new versions. Assignee:
bugsquad =>
nicolas.salguero Ubuntu has issued an advisory for this on February 18: https://ubuntu.com/security/notices/USN-4739-1 Severity:
normal =>
major pushed in cauldron mga7/8
src:
webkit2-2.30.5-1.1.mga7
webkit2-2.30.5-1.1.mga8CC:
(none) =>
mageia No, it shouldn't have a subrel. Mageia 7 build needs to be deleted and re-submitted. Assignee:
qa-bugs =>
nicolas.salguero no need it failed :-) pushed in cauldron mga7/8
src:
webkit2-2.30.5-1.mga7
webkit2-2.30.5-1.mga8
Nicolas Lécureuil
2021-02-27 11:26:37 CET
Assignee:
nicolas.salguero =>
qa-bugs Package list: webkit2-2.30.5-1.mga7 webkit2-jsc-2.30.5-1.mga7 libwebkit2gtk4.0_37-2.30.5-1.mga7 libjavascriptcoregtk4.0_18-2.30.5-1.mga7 libwebkit2-devel-2.30.5-1.mga7 libjavascriptcore-gir4.0-2.30.5-1.mga7 libwebkit2gtk-gir4.0-2.30.5-1.mga7 webkit2-2.30.5-1.mga8 webkit2-jsc-2.30.5-1.mga8 libjavascriptcoregtk4.0_18-2.30.5-1.mga8 libwebkit2gtk4.0_37-2.30.5-1.mga8 libwebkit2gtk-gir4.0-2.30.5-1.mga8 libjavascriptcore-gir4.0-2.30.5-1.mga8 libwebkit2-devel-2.30.5-1.mga8
Manuel Hiebel
2021-03-01 20:05:33 CET
Whiteboard:
MGA7TOO =>
MGA7TOO MGA8-64-OK Suggested advisory: ======================== Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.30.5, fixing several security issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13558 https://webkitgtk.org/security/WSA-2021-0001.html https://webkitgtk.org/2020/12/15/webkitgtk2.30.4-released.html https://webkitgtk.org/2021/02/11/webkitgtk2.30.5-released.html CC:
(none) =>
luigiwalser MGA8-64 Using QA Repo webkit2-2.30.5-1.mga8 webkit2-jsc-2.30.5-1.mga8 libjavascriptcoregtk4.0_18-2.30.5-1.mga8 libwebkit2gtk4.0_37-2.30.5-1.mga8 libwebkit2gtk-gir4.0-2.30.5-1.mga8 libjavascriptcore-gir4.0-2.30.5-1.mga8 Install OK. CC:
(none) =>
ouaurelien MGA7-64 MATE on Peaq C1011 No installation issues Ref bug 27656 for testing $ zenity --calendar 17/03/21 $ zenity --calendar 24/03/21 The first one is by pressing OK on the dialogue, the second one by double clicking on the date cheosen. OK for me. CC:
(none) =>
herman.viaene Forward from Comment 9, installs OK also on MGA7-64 Plasma. Note also that Mageia Control Centre runs fine on both systems. Giving this a OK. Validating Advisory pushed to SVN.
Aurelien Oudelet
2021-03-04 15:29:07 CET
Keywords:
(none) =>
advisory, validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0107.html Status:
NEW =>
RESOLVED |