Upstream has issued an advisory on February 15: https://webkitgtk.org/security/WSA-2021-0001.html See also: https://webkitgtk.org/2021/02/11/webkitgtk2.30.5-released.html
Whiteboard: (none) => MGA7TOOSource RPM: (none) => webkit2-2.30.4-1.mga8.src.rpm
Whiteboard: MGA7TOO => MGA7TOO, MGA8TOO
Assigning this to you, Nicolas, as you did the last two new versions.
Assignee: bugsquad => nicolas.salguero
Ubuntu has issued an advisory for this on February 18: https://ubuntu.com/security/notices/USN-4739-1
Severity: normal => major
pushed in cauldron mga7/8 src: webkit2-2.30.5-1.1.mga7 webkit2-2.30.5-1.1.mga8
CC: (none) => mageiaAssignee: nicolas.salguero => qa-bugsWhiteboard: MGA7TOO, MGA8TOO => MGA7TOOVersion: Cauldron => 8
No, it shouldn't have a subrel. Mageia 7 build needs to be deleted and re-submitted.
Assignee: qa-bugs => nicolas.salguero
no need it failed :-)
pushed in cauldron mga7/8 src: webkit2-2.30.5-1.mga7 webkit2-2.30.5-1.mga8
Assignee: nicolas.salguero => qa-bugs
Package list: webkit2-2.30.5-1.mga7 webkit2-jsc-2.30.5-1.mga7 libwebkit2gtk4.0_37-2.30.5-1.mga7 libjavascriptcoregtk4.0_18-2.30.5-1.mga7 libwebkit2-devel-2.30.5-1.mga7 libjavascriptcore-gir4.0-2.30.5-1.mga7 libwebkit2gtk-gir4.0-2.30.5-1.mga7 webkit2-2.30.5-1.mga8 webkit2-jsc-2.30.5-1.mga8 libjavascriptcoregtk4.0_18-2.30.5-1.mga8 libwebkit2gtk4.0_37-2.30.5-1.mga8 libwebkit2gtk-gir4.0-2.30.5-1.mga8 libjavascriptcore-gir4.0-2.30.5-1.mga8 libwebkit2-devel-2.30.5-1.mga8
Whiteboard: MGA7TOO => MGA7TOO MGA8-64-OK
Suggested advisory: ======================== Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.30.5, fixing several security issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13558 https://webkitgtk.org/security/WSA-2021-0001.html https://webkitgtk.org/2020/12/15/webkitgtk2.30.4-released.html https://webkitgtk.org/2021/02/11/webkitgtk2.30.5-released.html
CC: (none) => luigiwalser
MGA8-64 Using QA Repo webkit2-2.30.5-1.mga8 webkit2-jsc-2.30.5-1.mga8 libjavascriptcoregtk4.0_18-2.30.5-1.mga8 libwebkit2gtk4.0_37-2.30.5-1.mga8 libwebkit2gtk-gir4.0-2.30.5-1.mga8 libjavascriptcore-gir4.0-2.30.5-1.mga8 Install OK.
CC: (none) => ouaurelien
MGA7-64 MATE on Peaq C1011 No installation issues Ref bug 27656 for testing $ zenity --calendar 17/03/21 $ zenity --calendar 24/03/21 The first one is by pressing OK on the dialogue, the second one by double clicking on the date cheosen. OK for me.
CC: (none) => herman.viaeneWhiteboard: MGA7TOO MGA8-64-OK => MGA7TOO MGA8-64-OK MGA7-64-OK
Forward from Comment 9, installs OK also on MGA7-64 Plasma. Note also that Mageia Control Centre runs fine on both systems. Giving this a OK. Validating Advisory pushed to SVN.
Keywords: (none) => advisory, validated_updateCVE: (none) => CVE-2020-13558CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0107.html
Status: NEW => RESOLVEDResolution: (none) => FIXED