Upstream has released 2.18.5 today (January 10), containing Spectre mitigations: https://www.webkitgtk.org/2018/01/10/webkitgtk2.18.5-released.html Updated packages submitted for Mageia 6 and Cauldron.
webkit2-2.18.5-1.mga6 did build, thanks David Assigning to all packagers collectively, since there is no registered maintainer for this package.
Component: RPM Packages => SecurityAssignee: bugsquad => pkg-bugsQA Contact: (none) => securityCC: (none) => marja11
Suggested advisory: ======================== Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.18.5, containing Spectre mitigations. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 https://www.webkitgtk.org/2018/01/10/webkitgtk2.18.5-released.html ======================== Updated packages in core/updates_testing: ======================== webkit2-2.18.5-1.mga6 webkit2-jsc-2.18.5-1.mga6 lib(64)webkit2gtk4.0_37-2.18.5-1.mga6 lib(64)javascriptcoregtk4.0_18-2.18.5-1.mga6 lib(64)webkit2-devel-2.18.5-1.mga6 lib(64)javascriptcore-gir4.0-2.18.5-1.mga6 lib(64)webkit2gtk-gir4.0-2.18.5-1.mga6 from SRPMS: webkit2-2.18.5-1.mga6.src.rpm
Status: NEW => ASSIGNEDAssignee: pkg-bugs => qa-bugsCC: (none) => nicolas.salguero
They eventually issued an advisory yesterday: https://webkitgtk.org/security/WSA-2018-0001.html Please include it in the References.
Summary: webkit2 2.18.5 contains Spectre mitigations => webkit2 2.18.5 contains Spectre mitigations (WSA-2018-0001)
MGA6-64 on Lenovo B50 Plasma No installation issues Used atril to trace use of webkit2: OK
CC: (none) => herman.viaeneWhiteboard: (none) => MGA6-64-OK
(In reply to David Walser from comment #3) > They eventually issued an advisory yesterday: > https://webkitgtk.org/security/WSA-2018-0001.html > Please include it in the References. Done. Also validating - thanks Herman.
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0082.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED