Upstream has issued an advisory on September 26: https://webkitgtk.org/security/WSA-2018-0007.html
Assigning to all packagers collectively, since there is no registered maintainer for this package. CC'ing two committers.
CC: (none) => marja11, mrambo, nicolas.salgueroAssignee: bugsquad => pkg-bugs
Hi, I tried to build webkit2-2.22.2 for Mga6 and here is a summary: - Building with GCC is impossible because version 2.22.x requires at least GCC 6.0.0 and Mga6 has GXX 5.5.0, so I switched to CLANG. - For x86_64, I was able to use CLANG for compiling and GCC for linking (the default behaviour of CLANG when it sees that the default compiler is GCC) and I used the resulting packages with epiphany without noticing any issue. - For armv5tl, all my attempts failed. - For armv7hl, I had to use CLANG for compiling and linking but I could not test if the resulting packages work. - For i586, I had to use CLANG for compiling and linking and add, at the same time, libatomic-devel, a library provided by GCC and here is the biggest problem: in my tests in a virtualbox VM running Mga6 i586, webkit2-2.22.2 causes frequent crashes (with epiphany at least) where the same epiphany with webkit2-2.20.5 has no problem. I tested the same sites with x86_64 and i586. Best regards, Nico.
Ubuntu has issued an advisory for this on October 3: https://usn.ubuntu.com/3781-1/
Try 2.22.4: https://www.webkitgtk.org/2018/11/21/webkitgtk2.22.4-released.html
Upstream has issued an advisory on November 21: https://webkitgtk.org/security/WSA-2018-0008.html
Summary: webkit2 security issues fixed upstream (WSA-2018-0007) => webkit2 security issues fixed upstream (WSA-2018-0007, WSA-2018-0008)
(In reply to David Walser from comment #4) > Try 2.22.4: > https://www.webkitgtk.org/2018/11/21/webkitgtk2.22.4-released.html Sadly, since version 2.22.3, webkit2 requires gstreamer 1.14.
Upstream has issued an advisory on December 13: https://webkitgtk.org/security/WSA-2018-0009.html One new issue is fixed in 2.22.5: https://webkitgtk.org/2018/12/13/webkitgtk2.22.5-released.html
Summary: webkit2 security issues fixed upstream (WSA-2018-0007, WSA-2018-0008) => webkit2 security issues fixed upstream (WSA-2018-0007, WSA-2018-0008, WSA-2018-0009)
Ubuntu has issued an advisory for (part of) this on November 27: https://usn.ubuntu.com/3828-1/
Ubuntu has issued an advisory for the last part of this on January 10: https://usn.ubuntu.com/3854-1/
Upstream has issued an advisory on February 8: https://webkitgtk.org/security/WSA-2019-0001.html Two new issues are fixed in 2.22.6: https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html
Summary: webkit2 security issues fixed upstream (WSA-2018-0007, WSA-2018-0008, WSA-2018-0009) => webkit2 security issues fixed upstream (WSA-2018-0007, WSA-2018-0008, WSA-2018-0009, WSA-2019-0001)
Ubuntu has issued an advisory for the last part of this on February 13: https://usn.ubuntu.com/3889-1/
Upstream has issued an advisory on April 10: https://webkitgtk.org/security/WSA-2019-0002.html Version 2.24.1 contains all of the fixes.
Summary: webkit2 security issues fixed upstream (WSA-2018-0007, WSA-2018-0008, WSA-2018-0009, WSA-2019-0001) => webkit2 security issues fixed upstream (WSA-2018-0007, WSA-2018-0008, WSA-2018-0009, WSA-2019-0001, WSA-2019-0002)
Latest Ubuntu advisory from April 16: https://usn.ubuntu.com/3948-1/
Upstream has issued an advisory today (May 20): https://webkitgtk.org/security/WSA-2019-0003.html Version 2.24.2 contains all of the fixes.
Summary: webkit2 security issues fixed upstream (WSA-2018-0007, WSA-2018-0008, WSA-2018-0009, WSA-2019-0001, WSA-2019-0002) => webkit2 security issues fixed upstream (WSA-2018-0007, WSA-2018-0008, WSA-2018-0009, WSA-2019-0001, WSA-2019-0002, WSA-2019-0003)
Ubuntu advisory for the last part of this, from May 22: https://usn.ubuntu.com/3992-1/
Mageia 6 EOL
Status: NEW => RESOLVEDResolution: (none) => OLD