Hi, Upstream has released 2.28.3: https://webkitgtk.org/2020/07/09/webkitgtk2.28.3-released.html, which seems to only fix bugs but not security issues. Best regards, Nico.
Suggested advisory: ======================== The webkit2 package has been updated to version 2.28.3, fixing several bugs. References: https://webkitgtk.org/2020/07/09/webkitgtk2.28.3-released.html ======================== Updated packages in core/updates_testing: ======================== webkit2-2.28.3-1.mga7 webkit2-jsc-2.28.3-1.mga7 lib(64)webkit2gtk4.0_37-2.28.3-1.mga7 lib(64)javascriptcoregtk4.0_18-2.28.3-1.mga7 lib(64)webkit2-devel-2.28.3-1.mga7 lib(64)javascriptcore-gir4.0-2.28.3-1.mga7 lib(64)webkit2gtk-gir4.0-2.28.3-1.mga7 from webkit2-2.28.3-1.mga7.src.rpm
Source RPM: (none) => webkit2-2.28.2-1.mga7.src.rpmAssignee: bugsquad => qa-bugsStatus: NEW => ASSIGNED
Upstream has issued an advisory today (July 10): https://webkitgtk.org/security/WSA-2020-0006.html Suggested advisory: ======================== Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.28.3, fixing several security issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9803 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9805 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9806 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9807 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9843 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9850 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13753 https://webkitgtk.org/2020/07/09/webkitgtk2.28.3-released.html https://webkitgtk.org/security/WSA-2020-0006.html
Component: RPM Packages => SecuritySummary: webkit2 2.28.3 => webkit2 security issues fixed upstream (WSA-2020-0006)QA Contact: (none) => security
Ubuntu has issued an advisory for this today (July 14): https://ubuntu.com/security/notices/USN-4422-1
Severity: normal => major
MGA7-64 Plasma on Lenovo B50 No installation issues. Testing with $ zenity --calendar 21/07/20 and getting ssame behavior asin bug 26550, so OK on this.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Validating. Dueling advisories, but it looks like the best one is in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Suggested advisory: ======================== Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.28.4, fixing several security issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9803 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9805 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9806 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9807 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9843 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9850 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13753 https://webkitgtk.org/2020/07/09/webkitgtk2.28.3-released.html https://webkitgtk.org/2020/07/28/webkitgtk2.28.4-released.html https://webkitgtk.org/security/WSA-2020-0006.html https://ubuntu.com/security/notices/USN-4422-1 ======================== Updated packages in core/updates_testing: ======================== webkit2-2.28.4-1.mga7 webkit2-jsc-2.28.4-1.mga7 lib(64)webkit2gtk4.0_37-2.28.4-1.mga7 lib(64)javascriptcoregtk4.0_18-2.28.4-1.mga7 lib(64)webkit2-devel-2.28.4-1.mga7 lib(64)javascriptcore-gir4.0-2.28.4-1.mga7 lib(64)webkit2gtk-gir4.0-2.28.4-1.mga7 from webkit2-2.28.4-1.mga7.src.rpm
Whiteboard: MGA7-64-OK => (none)Keywords: validated_update => (none)
Suggested advisory: ======================== Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.28.4, fixing several security issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9802 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9803 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9805 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9806 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9807 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9843 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9850 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9862 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9893 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9894 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9895 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9915 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9925 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13753 https://webkitgtk.org/2020/07/09/webkitgtk2.28.3-released.html https://webkitgtk.org/2020/07/28/webkitgtk2.28.4-released.html https://webkitgtk.org/security/WSA-2020-0006.html https://webkitgtk.org/security/WSA-2020-0007.html https://ubuntu.com/security/notices/USN-4422-1
Summary: webkit2 security issues fixed upstream (WSA-2020-0006) => webkit2 security issues fixed upstream (WSA-2020-0006 and WSA-2020-0007)
Testing newer version $ zenity --calendar 20/09/20 OK again.
Whiteboard: (none) => MGA7-64-OK
We'll try again. Validating. New advisory in Comment 7.
Keywords: (none) => validated_update
Ubuntu has issued an advisory for the 2.28.4 fixes on August 3: https://ubuntu.com/security/notices/USN-4444-1 Please append that to the references in the advisory.
CC: (none) => mageiaKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0317.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED