Bug 31555

Summary: webkit2 security issues fixed upstream (WSA-2023-0002)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, davidwhodgins, fri, nicolas.salguero, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-32-OK MGA8-64-OK
Source RPM: webkit2-2.38.4-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2023-02-15 17:12:38 CET
Upstream has issued an advisory today (February 15):
https://webkitgtk.org/security/WSA-2023-0002.html

The issue is fixed upstream in 2.38.5:
https://webkitgtk.org/2023/02/15/webkitgtk2.38.5-released.html
Comment 1 Nicolas Salguero 2023-02-16 14:00:38 CET
Suggested advisory:
========================

The updated packages fix a security vulnerability and other issues.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23529
https://webkitgtk.org/security/WSA-2023-0002.html
https://webkitgtk.org/2023/02/15/webkitgtk2.38.5-released.html
========================

Updated packages in core/updates_testing:
========================
lib(64)javascriptcoregtk4.0_18-2.38.5-1.mga8
lib(64)javascriptcore-gir4.0-2.38.5-1.mga8
lib(64)webkit2gtk-gir4.0-2.38.5-1.mga8
lib(64)webkit2gtk4.0_37-2.38.5-1.mga8
lib(64)webkit2-devel-2.38.5-1.mga8
webkit2-jsc-2.38.5-1.mga8
webkit2-2.38.5-1.mga8

from SRPM:
webkit2-2.38.5-1.mga8.src.rpm

Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero

Comment 2 Morgan Leijström 2023-02-17 17:25:57 CET
mga8 -64, plasma, nvidia-current, intel i7, Swedish

Updated existing packages to:
- lib64javascriptcore-gir4.0-2.38.5-1.mga8.x86_64
- lib64javascriptcoregtk4.0_18-2.38.5-1.mga8.x86_64
- lib64webkit2gtk-gir4.0-2.38.5-1.mga8.x86_64
- lib64webkit2gtk4.0_37-2.38.5-1.mga8.x86_64
- webkit2-2.38.5-1.mga8.x86_64

rebooted.

MCC works.
zenity works.

CC: (none) => fri

Comment 3 Thomas Andrews 2023-02-19 23:09:30 CET
MGA8-32 Xfce on Foolishness, a Dell Inspiron 5100, real 32-bit hardware.

No installation issues. Rebooted, though it probably wasn't really necessary.

MCC still not working properly on this system, but that's nothing new. It works in Mageia 9, so there is hope.

Zenity works, as does Atril. 

No new regressions, so OK on 32-bits. Calling it OK on 64 as well, and validating. Advisory in comment 1.

Whiteboard: (none) => MGA8-32-OK MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2023-02-20 22:25:53 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 4 Mageia Robot 2023-02-20 22:27:09 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0055.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED