Upstream has issued an advisory today (November 23): https://webkitgtk.org/security/WSA-2020-0008.html The issues are fixed upstream in 2.30.3: https://webkitgtk.org/2020/11/20/webkitgtk2.30.3-released.html
Suggested advisory: ======================== Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.30.3, fixing several security issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13584 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9948 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9951 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9952 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9983 https://webkitgtk.org/2020/11/20/webkitgtk2.30.3-released.html https://webkitgtk.org/security/WSA-2020-0008.html ======================== Updated packages in core/updates_testing: ======================== webkit2-2.30.3-1.mga7 webkit2-jsc-2.30.3-1.mga7 lib(64)webkit2gtk4.0_37-2.30.3-1.mga7 lib(64)javascriptcoregtk4.0_18-2.30.3-1.mga7 lib(64)webkit2-devel-2.30.3-1.mga7 lib(64)javascriptcore-gir4.0-2.30.3-1.mga7 lib(64)webkit2gtk-gir4.0-2.30.3-1.mga7 from webkit2-2.30.3-1.mga7.src.rpm
CC: (none) => nicolas.salgueroAssignee: bugsquad => qa-bugsStatus: NEW => ASSIGNED
CVE-2020-9952 shouldn't be listed in the advisory, as it was fixed in our previous update.
MGA7-64 MATE on Peaq C1011 No installation issues Ref to bug 26928 e.a. for testing $ zenity --calendar 22/12/20 Is what I expected, OK
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 1, but should be revised according to Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Advisory pushed to SVN.
Keywords: (none) => advisoryCC: (none) => ouaurelien
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0441.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
Ubuntu has issued an advisory for this on November 26: https://ubuntu.com/security/notices/USN-4648-1 Apparently our update introduced a lot of new dependencies, see Bug 27683.
Summary: webkit2 security issues fixed upstream (WSA-2020-0008) => webkit2 security issues fixed upstream (WSA-2020-0008 and WSA-2020-0009)
Please add CVE-2020-13543 and the following reference to the SVN advisory: https://webkitgtk.org/security/WSA-2020-0009.html
(In reply to David Walser from comment #8) > Please add CVE-2020-13543 and the following reference to the SVN advisory: > https://webkitgtk.org/security/WSA-2020-0009.html Added.