Upstream has issued an advisory on April 6: https://webkitgtk.org/security/WSA-2017-0003.html The issues are fixed upstream in 2.14.6 and 2.16.0 (there's also a 2.16.1): https://webkitgtk.org/2017/04/06/webkitgtk2.14.6-released.html https://webkitgtk.org/2017/03/20/webkitgtk2.16.0-released.html https://webkitgtk.org/2017/04/04/webkitgtk2.16.1-released.html
(In reply to David Walser from comment #0) > Upstream has issued an advisory on April 6: > https://webkitgtk.org/security/WSA-2017-0003.html > > The issues are fixed upstream in 2.14.6 and 2.16.0 (there's also a 2.16.1): > https://webkitgtk.org/2017/04/06/webkitgtk2.14.6-released.html > https://webkitgtk.org/2017/03/20/webkitgtk2.16.0-released.html > https://webkitgtk.org/2017/04/04/webkitgtk2.16.1-released.html Nicolas pushed webkit2-2.14.6-1.mga5 last Friday. Suggested Advisory : This verson contains the following security issues: CVE-2016-9643, CVE-2017-2364, CVE-2017-2367, CVE-2017-2369, CVE-2017-2377, CVE-2017-2392, CVE-2017-2394, CVE-2017-2405, CVE-2017-2419, CVE-2017-2442, CVE-2017-2446, CVE-2017-2454, CVE-2017-2459, CVE-2017-2460, CVE-2017-246[56], CVE-2017-2468, CVE-2017-247[01], CVE-2017-247[56], CVE-2017-2481 https://webkitgtk.org/security/WSA-2017-0003.html RPMS: libjavascriptcore-gir4.0-2.14.6-1.mga5.i586 libjavascriptcoregtk4.0_18-2.14.6-1.mga5.i586 libwebkit2-devel-2.14.6-1.mga5.i586 libwebkit2gtk-gir4.0-2.14.6-1.mga5.i586 libwebkit2gtk4.0_37-2.14.6-1.mga5.i586 webkit2-2.14.6-1.mga5.i586 webkit2-jsc-2.14.6-1.mga5.i586 lib64javascriptcore-gir4.0-2.14.6-1.mga5.x86_64 lib64javascriptcoregtk4.0_18-2.14.6-1.mga5.x86_64 lib64webkit2-devel-2.14.6-1.mga5.x86_64 lib64webkit2gtk-gir4.0-2.14.6-1.mga5.x86_64 lib64webkit2gtk4.0_37-2.14.6-1.mga5.x86_64 webkit2-2.14.6-1.mga5.x86_64 webkit2-jsc-2.14.6-1.mga5.x86_64
Assignee: nicolas.salguero => qa-bugsCC: (none) => marja11, nicolas.salguero
ouch s/verson contains/version fixes/ :-(
Trying again, hopefully good this time: (Please don't hesitate to correct if it isn't good!) Nicolas pushed webkit2-2.14.6-1.mga5 last Friday. Suggested Advisory : This version contains the following security fixes: CVE-2016-9643, CVE-2017-2364, CVE-2017-2367, CVE-2017-2369, CVE-2017-2377, CVE-2017-2392, CVE-2017-2394, CVE-2017-2405, CVE-2017-2419, CVE-2017-2442, CVE-2017-2446, CVE-2017-2454, CVE-2017-2459, CVE-2017-2460, CVE-2017-246[56], CVE-2017-2468, CVE-2017-247[01], CVE-2017-247[56], CVE-2017-2481 https://webkitgtk.org/security/WSA-2017-0003.html RPMS: libjavascriptcore-gir4.0-2.14.6-1.mga5.i586 libjavascriptcoregtk4.0_18-2.14.6-1.mga5.i586 libwebkit2-devel-2.14.6-1.mga5.i586 libwebkit2gtk-gir4.0-2.14.6-1.mga5.i586 libwebkit2gtk4.0_37-2.14.6-1.mga5.i586 webkit2-2.14.6-1.mga5.i586 webkit2-jsc-2.14.6-1.mga5.i586 lib64javascriptcore-gir4.0-2.14.6-1.mga5.x86_64 lib64javascriptcoregtk4.0_18-2.14.6-1.mga5.x86_64 lib64webkit2-devel-2.14.6-1.mga5.x86_64 lib64webkit2gtk-gir4.0-2.14.6-1.mga5.x86_64 lib64webkit2gtk4.0_37-2.14.6-1.mga5.x86_64 webkit2-2.14.6-1.mga5.x86_64 webkit2-jsc-2.14.6-1.mga5.x86_64
Ubuntu has issued an advisory for this on April 10: https://www.ubuntu.com/usn/usn-3257-1/
Whiteboard: (none) => advisoryCC: (none) => davidwhodgins
Just testing with epiphany running under strace, confirming webkit2 is used. X86_64 ok, testing under i586 shortly.
Whiteboard: advisory => advisory MGA5-64-OK
i586 ok. Validating the update.
Keywords: (none) => validated_updateWhiteboard: advisory MGA5-64-OK => advisory MGA5-64-OK MGA5-32-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0109.html
Status: NEW => RESOLVEDResolution: (none) => FIXED