Bug 25377 - webkit2 security issues fixed upstream (WSA-2019-0004)
Summary: webkit2 security issues fixed upstream (WSA-2019-0004)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-08-29 08:40 CEST by Nicolas Salguero
Modified: 2019-09-15 16:46 CEST (History)
3 users (show)

See Also:
Source RPM:
CVE:
Status comment:


Attachments

Description Nicolas Salguero 2019-08-29 08:40:18 CEST
Hi,

Upstream released version 2.24.4 yesterday.  This is a bug fix release in the stable 2.24 series.

References:
https://webkitgtk.org/2019/07/02/webkitgtk2.24.3-released.html
https://webkitgtk.org/2019/08/28/webkitgtk2.24.4-released.html

Best regards,

Nico.
Comment 1 Nicolas Salguero 2019-08-30 11:40:29 CEST
https://webkitgtk.org/security/WSA-2019-0004.html

Component: RPM Packages => Security
QA Contact: (none) => security
Summary: webkit2 2.24.4 => webkit2 security issues fixed upstream (WSA-2019-0004)

Comment 2 Nicolas Salguero 2019-08-30 11:46:59 CEST
Testing procedure in bug 22876 comment 4

Suggested advisory:
========================

Updated webkit2 packages fix security vulnerabilities:

The webkit2 package has been updated to version 2.24.4, fixing several
security issues and other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8644
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8671
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8673
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8676
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8677
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8681
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8683
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8684
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8686
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8690
https://webkitgtk.org/2019/07/02/webkitgtk2.24.3-released.html
https://webkitgtk.org/2019/08/28/webkitgtk2.24.4-released.html
https://webkitgtk.org/security/WSA-2019-0004.html
========================

Updated packages in core/updates_testing:
========================
webkit2-2.24.4-1.mga7
webkit2-jsc-2.24.4-1.mga7
webkit2-plugin-process-gtk2-2.24.4-1.mga7
lib(64)webkit2gtk4.0_37-2.24.4-1.mga7
lib(64)javascriptcoregtk4.0_18-2.24.4-1.mga7
lib(64)webkit2-devel-2.24.4-1.mga7
lib(64)javascriptcore-gir4.0-2.24.4-1.mga7
lib(64)webkit2gtk-gir4.0-2.24.4-1.mga7

from webkit2-2.24.4-1.mga7.src.rpm

Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED

Comment 3 Herman Viaene 2019-09-15 11:02:56 CEST
MGA7-64 Plasma on Lenovo B50
No installation issues;
Ref bug 22876 Comment 4 for testing:
Opened pdf with clickable links with okular and atril:works OK
Installed zenity and used script from https://help.gnome.org/users/zenity/3.24/calendar.html.en
to display a calendar:OK

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Thomas Backlund 2019-09-15 15:10:45 CEST

Keywords: (none) => advisory, validated_update
CC: (none) => tmb, sysadmin-bugs

Comment 4 Mageia Robot 2019-09-15 16:46:44 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0281.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.