A CVE has been requested for a security issue in webkit/webkit2: http://openwall.com/lists/oss-security/2015/03/17/11 It's not clear if the version of webkit in Mageia 4 is affected. If a CVE is assigned soon, I'll add the patch in Cauldron.
CVE-2015-2330 has been assigned: http://openwall.com/lists/oss-security/2015/03/18/4 Patch checked into webkit and webkit2 SVN in Cauldron. Freeze push requested.
Summary: webkit, webkit2 new TLS certificate verification security issue => webkit, webkit2 new TLS certificate verification security issue (CVE-2015-2330)
Looking at the code, the patch doesn't exactly apply to webkit in Mageia 4, and the patch appears to be making the code more similar to what it already is in the older version, but not exactly, so it might apply. For now, I'll close this if it's pushed in Cauldron, but if another distro makes an update for this CVE for older webkitgtk, I'll reopen it.
Fixed with webkit-2.4.8-2.mga5 and webkit2-2.6.5-2.mga5.
Status: NEW => RESOLVED
Resolution: (none) => FIXED
Fedora has issued an advisory for this on March 19: https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153553.html
URL: (none) => http://lwn.net/Vulnerabilities/638447/