Bug 26197 - webkit2 security issues fixed upstream (WSA-2020-0002)
Summary: webkit2 security issues fixed upstream (WSA-2020-0002)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-02-14 16:28 CET by David Walser
Modified: 2020-02-18 15:07 CET (History)
5 users (show)

See Also:
Source RPM: webkit2-2.26.3-1.mga7.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2020-02-14 16:28:15 CET
Upstream has issued an advisory today (February 14):
https://webkitgtk.org/security/WSA-2020-0002.html

The issues are fixed upstream in 2.26.4:
https://webkitgtk.org/2020/02/14/webkitgtk2.26.4-released.html
David Walser 2020-02-14 16:28:49 CET

Assignee: bugsquad => pkg-bugs
CC: (none) => nicolas.salguero

Comment 1 Nicolas Salguero 2020-02-14 21:21:19 CET
Suggested advisory:
========================

Updated webkit2 packages fix security vulnerabilities:

The webkit2 package has been updated to version 2.26.4, fixing several security issues and other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868
https://webkitgtk.org/2020/02/14/webkitgtk2.26.4-released.html
https://webkitgtk.org/security/WSA-2020-0002.html
https://www.openwall.com/lists/oss-security/2020/02/14/6
========================

Updated packages in core/updates_testing:
========================
webkit2-2.26.4-1.mga7
webkit2-jsc-2.26.4-1.mga7
lib(64)webkit2gtk4.0_37-2.26.4-1.mga7
lib(64)javascriptcoregtk4.0_18-2.26.4-1.mga7
lib(64)webkit2-devel-2.26.4-1.mga7
lib(64)javascriptcore-gir4.0-2.26.4-1.mga7
lib(64)webkit2gtk-gir4.0-2.26.4-1.mga7

from SRPMS:
webkit2-2.26.4-1.mga7.src.rpm

Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs

Comment 2 Herman Viaene 2020-02-17 15:47:47 CET
MGA7-64 Plasma on Lenovo B50
No installation issues
Ref to bug 26127 for test
$ zenity --calendar
I navigate to March 19, clicked OK and got as feedback.
19/03/20

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Comment 3 Thomas Andrews 2020-02-17 21:51:17 CET
Validating. Advisory in Comment 1.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Thomas Backlund 2020-02-18 14:22:59 CET

CC: (none) => tmb
Keywords: (none) => advisory

Comment 4 Mageia Robot 2020-02-18 15:07:44 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0092.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.