Upstream has issued an advisory on January 23: https://webkitgtk.org/security/WSA-2020-0001.html
Suggested advisory: ======================== Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.26.3, fixing several security issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8835 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8844 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8846 https://webkitgtk.org/2020/01/22/webkitgtk2.26.3-released.html https://webkitgtk.org/security/WSA-2020-0001.html https://www.openwall.com/lists/oss-security/2020/01/23/2 ======================== Updated packages in core/updates_testing: ======================== webkit2-2.26.3-1.mga7 webkit2-jsc-2.26.3-1.mga7 lib(64)webkit2gtk4.0_37-2.26.3-1.mga7 lib(64)javascriptcoregtk4.0_18-2.26.3-1.mga7 lib(64)webkit2-devel-2.26.3-1.mga7 lib(64)javascriptcore-gir4.0-2.26.3-1.mga7 lib(64)webkit2gtk-gir4.0-2.26.3-1.mga7 from SRPMS: webkit2-2.26.3-1.mga7.src.rpm
CVE: (none) => CVE-2019-8835, CVE-2019-8844, CVE-2019-8846Status: NEW => ASSIGNEDAssignee: bugsquad => qa-bugsSource RPM: (none) => webkit2-2.26.2-1.mga7.src.rpm
Referred to Bug 25657 for a testing procedure. The following 5 packages are going to be installed: - lib64javascriptcore-gir4.0-2.26.3-1.mga7.x86_64 - lib64javascriptcoregtk4.0_18-2.26.3-1.mga7.x86_64 - lib64webkit2gtk-gir4.0-2.26.3-1.mga7.x86_64 - lib64webkit2gtk4.0_37-2.26.3-1.mga7.x86_64 - webkit2-2.26.3-1.mga7.x86_64 Used atril to load a copy of an old tax form instructions, and from there clicked on a link to the IRS Taxpayer Bill of Rights, where I learned I have the right to a fair and just tax system. Reserving judgement on that one for the moment. From the CLI, "zenity --calendar" returned a clickable calendar. Looks OK here.
Whiteboard: (none) => MGA7-64-OKCC: (none) => andrewsfarm
Validating. Advisory in Comment 1.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
CC: (none) => tmbKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0067.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED