Upstream has issued an advisory on March 12: https://webkitgtk.org/security/WSA-2020-0003.html The issue is fixed upstream in 2.28.0: https://webkitgtk.org/2020/03/10/webkitgtk2.28.0-released.html
Updated package uploaded by Nicolas. Advisory: ======================== Updated webkit2 packages fix security vulnerability: WebKitGTK through 2.26.4 contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution (CVE-2020-10018). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10018 https://webkitgtk.org/2020/03/10/webkitgtk2.28.0-released.html https://webkitgtk.org/security/WSA-2020-0003.html ======================== Updated packages in core/updates_testing: ======================== webkit2-2.28.0-1.mga7 webkit2-jsc-2.28.0-1.mga7 libwebkit2gtk4.0_37-2.28.0-1.mga7 libjavascriptcoregtk4.0_18-2.28.0-1.mga7 libwebkit2-devel-2.28.0-1.mga7 libjavascriptcore-gir4.0-2.28.0-1.mga7 libwebkit2gtk-gir4.0-2.28.0-1.mga7 from webkit2-2.28.0-1.mga7.src.rpm
CC: (none) => nicolas.salgueroAssignee: nicolas.salguero => qa-bugs
CC: (none) => tmbKeywords: (none) => advisory
MGA7-64 Plasma on Lenovo B50 Noinstallation issues. Ref bug 26127 for test. $ zenity --calendar pick March 24 on it and get feedback. 24/03/20 OK for me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0144.html
Status: NEW => RESOLVEDResolution: (none) => FIXED