Upstream has issued an advisory on June 13: https://webkitgtk.org/security/WSA-2018-0005.html The issues have been fixed in 2.20.3, released on June 11: https://webkitgtk.org/2018/06/11/webkitgtk2.20.3-released.html Mageia 6 is also affected. It's building in Cauldron now and will be pushed in Mageia 6 when that's done. Testing procedure in bug 22876 comment 4 Suggested advisory: ======================== Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.20.3, fixing several security issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4190 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4199 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4218 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4222 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4232 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4233 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4246 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11646 https://webkitgtk.org/security/WSA-2018-0005.html https://webkitgtk.org/2018/06/11/webkitgtk2.20.3-released.html ======================== Updated packages in core/updates_testing: ======================== webkit2-2.20.3-1.mga6 webkit2-jsc-2.20.3-1.mga6 lib(64)webkit2gtk4.0_37-2.20.3-1.mga6 lib(64)javascriptcoregtk4.0_18-2.20.3-1.mga6 lib(64)webkit2-devel-2.20.3-1.mga6 lib(64)javascriptcore-gir4.0-2.20.3-1.mga6 lib(64)webkit2gtk-gir4.0-2.20.3-1.mga6 from SRPMS: webkit2-2.20.3-1.mga6.src.rpm
Building in Mageia 6 now. Info in Comment 0.
Assignee: bugsquad => qa-bugsKeywords: (none) => has_procedure
MGA6-32 on IBM Thinkpad R50e MATE No installation issues. Followed testing procedure in using zenity and the script (see attachment) Found also an example of a pdf with internal and external hyperlinks (next attachment) All work OK.
Whiteboard: (none) => MGA6-32-OKCC: (none) => herman.viaene
Created attachment 10262 [details] zenity test script
Created attachment 10263 [details] Sample pdf with hyperlinks
Advisory committed to svn. Validating the update.
CC: (none) => davidwhodgins
Actually adding the keywords.
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0302.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED