Bug 31330

Summary: webkit2 security issues fixed upstream (WSA-2022-0011)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, herman.viaene, sysadmin-bugs
Version: 8 Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK MGA8-32-OK
Source RPM: webkit2-2.38.2-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2022-12-27 16:20:19 CET
Upstream has issued an advisory on December 26:
https://webkitgtk.org/security/WSA-2022-0011.html

The issues are fixed upstream in 2.38.3:
https://webkitgtk.org/2022/12/22/webkitgtk2.38.3-released.html
David Walser 2022-12-27 16:20:54 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 2.38.3
CC: (none) => nicolas.salguero

Comment 1 Lewis Smith 2022-12-27 20:16:52 CET
Hope it is all right NicolasS to change your CC to assigned. You committed version 2.38.2, and this is a similar exercise.

Assignee: bugsquad => nicolas.salguero
CC: nicolas.salguero => (none)

Comment 2 Nicolas Salguero 2022-12-28 15:41:47 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities and other issues.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46700
https://webkitgtk.org/security/WSA-2022-0011.html
https://webkitgtk.org/2022/12/22/webkitgtk2.38.3-released.html
========================

Updated packages in core/updates_testing:
========================
lib(64)javascriptcoregtk4.0_18-2.38.3-1.mga8
lib(64)javascriptcore-gir4.0-2.38.3-1.mga8
lib(64)webkit2gtk-gir4.0-2.38.3-1.mga8
lib(64)webkit2gtk4.0_37-2.38.3-1.mga8
lib(64)webkit2-devel-2.38.3-1.mga8
webkit2-jsc-2.38.3-1.mga8
webkit2-2.38.3-1.mga8

from SRPM:
webkit2-2.38.3-1.mga8.src.rpm

Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 2.38.3 => (none)
Version: Cauldron => 8

Comment 3 Herman Viaene 2022-12-29 10:14:52 CET
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Ref bugs 31076 and 30866, testing by exercising MCC in each of the main sections, all works OK.
Giving someone (TJ?) the chance to try the 32-bit version as this had some problems in the referred previous bugs.

CC: (none) => herman.viaene

Comment 4 Dave Hodgins 2022-12-29 18:56:32 CET
Using an i586 vb guest, used qarepo to install
(medium "QA Testing (32-bit)")
  libjavascriptcore-gir4.0       2.38.3       1.mga8        i586    
  libjavascriptcoregtk4.0_18     2.38.3       1.mga8        i586    
  libwebkit2gtk-gir4.0           2.38.3       1.mga8        i586    
  libwebkit2gtk4.0_37            2.38.3       1.mga8        i586    
  webkit2                        2.38.3       1.mga8        i586

mcc and firefox still work. Just to be sure, rebooted and confirmed they still work.

Validating the update.

Whiteboard: (none) => MGA8-64-OK MGA8-32-OK
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Dave Hodgins 2022-12-30 21:52:29 CET

Keywords: (none) => advisory

Comment 5 Mageia Robot 2022-12-30 23:40:48 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0486.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED