Bug 23004 - webkit2 security issues fixed upstream (WSA-2018-0004)
Status: ASSIGNED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords: has_procedure
Depends on:
Blocks:
 
Reported: 2018-05-08 16:06 CEST by David Walser
Modified: 2018-05-19 04:16 CEST
4 users

See Also:
Source RPM: webkit2-2.20.1-1.mga6.src.rpm
CVE: CVE-2018-4200
Status comment:



Description David Walser 2018-05-08 16:06:23 CEST
Upstream has issued an advisory on May 7:
https://webkitgtk.org/security/WSA-2018-0004.html

CVE-2018-4200 was fixed in 2.20.2 on May 7:
https://webkitgtk.org/2018/05/07/webkitgtk2.20.2-released.html

Mageia 6 is also affected.
David Walser 2018-05-08 16:06:31 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2018-05-09 08:37:06 CEST
Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC'ing some committers.

Assignee: bugsquad => pkg-bugs
CC: (none) => marja11, mrambo, nicolas.salguero, olav

Comment 2 Nicolas Salguero 2018-05-09 11:12:36 CEST
Suggested advisory:
========================

Updated webkit2 packages fix security vulnerabilities:

The webkit2 package has been updated to version 2.20.2, fixing several
security issues and other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4200
https://www.webkitgtk.org/security/WSA-2018-0004.html
https://www.webkitgtk.org/2018/05/07/webkitgtk2.20.2-released.html
========================

Updated packages in core/updates_testing:
========================
webkit2-2.20.2-1.mga6
webkit2-jsc-2.20.2-1.mga6
lib(64)webkit2gtk4.0_37-2.20.2-1.mga6
lib(64)javascriptcoregtk4.0_18-2.20.2-1.mga6
lib(64)webkit2-devel-2.20.2-1.mga6
lib(64)javascriptcore-gir4.0-2.20.2-1.mga6
lib(64)webkit2gtk-gir4.0-2.20.2-1.mga6

from SRPMS:
webkit2-2.20.2-1.mga6.src.rpm

CVE: (none) => CVE-2018-4200
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

Comment 3 claire robinson 2018-05-19 04:16:01 CEST
Procedure in bug 22876 comment 4

Keywords: (none) => has_procedure

