Bug 23408 - webkit2 security issues fixed upstream (WSA-2018-0006)
Summary: webkit2 security issues fixed upstream (WSA-2018-0006)
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK
Keywords: has_procedure
Depends on:
Blocks:
 
Reported: 2018-08-08 13:16 CEST by David Walser
Modified: 2018-08-11 10:56 CEST (History)
1 user (show)

See Also:
Source RPM: webkit2-2.20.3-1.mga6.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2018-08-08 13:16:40 CEST
Upstream has issued an advisory on August 7:
https://webkitgtk.org/security/WSA-2018-0006.html

The issues have been fixed in 2.20.4, released on August 6:
https://webkitgtk.org/2018/08/06/webkitgtk2.20.4-released.html

Mageia 6 is also affected.

It's building in Cauldron now and Mageia 6 now.

Testing procedure in bug 22876 comment 4

Suggested advisory:
========================

Updated webkit2 packages fix security vulnerabilities:

The webkit2 package has been updated to version 2.20.4, fixing several
security issues and other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4262
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4284
https://webkitgtk.org/security/WSA-2018-0006.html
https://webkitgtk.org/2018/08/06/webkitgtk2.20.4-released.html
========================

Updated packages in core/updates_testing:
========================
webkit2-2.20.4-1.mga6
webkit2-jsc-2.20.4-1.mga6
lib(64)webkit2gtk4.0_37-2.20.4-1.mga6
lib(64)javascriptcoregtk4.0_18-2.20.4-1.mga6
lib(64)webkit2-devel-2.20.4-1.mga6
lib(64)javascriptcore-gir4.0-2.20.4-1.mga6
lib(64)webkit2gtk-gir4.0-2.20.4-1.mga6

from webkit2-2.20.4-1.mga6.src.rpm
David Walser 2018-08-08 13:16:52 CEST

Keywords: (none) => has_procedure

Comment 1 Herman Viaene 2018-08-11 10:56:22 CEST
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
Following procedure above, opened a pfd containing links with atril: expected behavior is OK
Run the perl testscript provides an interacive calendar widget.
All OK.

Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene


Note You need to log in before you can comment on or make changes to this bug.