Upstream has issued an advisory on May 7:
https://webkitgtk.org/security/WSA-2018-0004.html

CVE-2018-4200 was fixed in 2.20.2 on May 7:
https://webkitgtk.org/2018/05/07/webkitgtk2.20.2-released.html

Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package. CC'ing some committers.
CC: (none) => marja11, mrambo, nicolas.salguero, olav
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

Updated webkit2 packages fix security vulnerabilities:

The webkit2 package has been updated to version 2.20.2, fixing several security issues and other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4200
https://www.webkitgtk.org/security/WSA-2018-0004.html
https://www.webkitgtk.org/2018/05/07/webkitgtk2.20.2-released.html
========================

Updated packages in core/updates_testing:
========================
webkit2-2.20.2-1.mga6
webkit2-jsc-2.20.2-1.mga6
lib(64)webkit2gtk4.0_37-2.20.2-1.mga6
lib(64)javascriptcoregtk4.0_18-2.20.2-1.mga6
lib(64)webkit2-devel-2.20.2-1.mga6
lib(64)javascriptcore-gir4.0-2.20.2-1.mga6
lib(64)webkit2gtk-gir4.0-2.20.2-1.mga6

from SRPMS:
webkit2-2.20.2-1.mga6.src.rpm
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
CVE: (none) => CVE-2018-4200
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Procedure in bug 22876 comment 4
Keywords: (none) => has_procedure
Mageia 6, x86_64

Found no reproducers for the security flaws and bugs.
Updated the packages, adding webkit2-jsc and lib64webkit2-devel.
Referred to previous bug 22876 for procedure.

Used atril to look at the TurboPrint manual as a PDF. It worked perfectly including following hyperlinks and weblinks.

Ran shotwell on a small image collection. That worked fine and it also launched a video in the same directory.

Called zenity with the calendar dialogue. This displayed an interactive calendar widget and returned a selected date as a string in the terminal.

$ zenity --calendar calendar.pl
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
22/06/17

Hoping that these functionality tests are sufficient for an OK.
Whiteboard: (none) => MGA6-64-OK
CC: (none) => tarazed25
Created attachment 10184
Interactive calendar widget script for zenity

Downloaded from https://help.gnome.org/users/zenity/3.24/calendar.html.en

$ zenity --calendar calendar.pl
Len, your tests were deemed sufficient to validate this the last time, so they should be this time, too. Validating. Suggested advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0258.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED