Upstream has issued an advisory on March 22: https://webkitgtk.org/security/WSA-2021-0002.html See also: https://webkitgtk.org/2021/03/18/webkitgtk2.30.6-released.html
Whiteboard: (none) => MGA7TOOSource RPM: (none) => webkit2-2.30.5-1.mga8.src.rpm
Suggested advisory: ======================== Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.30.6, fixing several security issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27918 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29623 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9947 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1765 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1799 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1801 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870 https://webkitgtk.org/security/WSA-2021-0002.html https://webkitgtk.org/2021/03/18/webkitgtk2.30.6-released.html ======================== Updated packages in 7/core/updates_testing: ======================== webkit2-2.30.6-1.mga7 webkit2-jsc-2.30.6-1.mga7 lib(64)webkit2gtk4.0_37-2.30.6-1.mga7 lib(64)javascriptcoregtk4.0_18-2.30.6-1.mga7 lib(64)webkit2-devel-2.30.6-1.mga7 lib(64)javascriptcore-gir4.0-2.30.6-1.mga7 lib(64)webkit2gtk-gir4.0-2.30.6-1.mga7 from SRPM: webkit2-2.30.6-1.mga7.src.rpm Updated packages in 8/core/updates_testing: ======================== webkit2-2.30.6-1.mga8 webkit2-jsc-2.30.6-1.mga8 lib(64)webkit2gtk4.0_37-2.30.6-1.mga8 lib(64)javascriptcoregtk4.0_18-2.30.6-1.mga8 lib(64)webkit2-devel-2.30.6-1.mga8 lib(64)javascriptcore-gir4.0-2.30.6-1.mga8 lib(64)webkit2gtk-gir4.0-2.30.6-1.mga8 from SRPM: webkit2-2.30.6-1.mga8.src.rpm
Status: NEW => ASSIGNEDAssignee: bugsquad => qa-bugs
Upstream has issued an advisory on March 29: https://webkitgtk.org/security/WSA-2021-0003.html See also: https://webkitgtk.org/2021/03/26/webkitgtk2.32.0-released.html
Assignee: qa-bugs => nicolas.salgueroSummary: webkit2 security issues fixed upstream (WSA-2021-0002) => webkit2 security issues fixed upstream (WSA-2021-0002 and WSA-2021-0003)
Suggested advisory: ======================== Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.32.0, fixing several security issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27918 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29623 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9947 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1765 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1799 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1801 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1788 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1844 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1871 https://webkitgtk.org/security/WSA-2021-0002.html https://webkitgtk.org/security/WSA-2021-0003.html https://webkitgtk.org/2021/03/18/webkitgtk2.30.6-released.html https://webkitgtk.org/2021/03/26/webkitgtk2.32.0-released.html ======================== Updated packages in 7/core/updates_testing: ======================== webkit2-2.32.0-1.mga7 webkit2-jsc-2.32.0-1.mga7 lib(64)webkit2gtk4.0_37-2.32.0-1.mga7 lib(64)javascriptcoregtk4.0_18-2.32.0-1.mga7 lib(64)webkit2-devel-2.32.0-1.mga7 lib(64)javascriptcore-gir4.0-2.32.0-1.mga7 lib(64)webkit2gtk-gir4.0-2.32.0-1.mga7 from SRPM: webkit2-2.32.0-1.mga7.src.rpm Updated packages in 8/core/updates_testing: ======================== webkit2-2.32.0-1.mga8 webkit2-jsc-2.32.0-1.mga8 lib(64)webkit2gtk4.0_37-2.32.0-1.mga8 lib(64)javascriptcoregtk4.0_18-2.32.0-1.mga8 lib(64)webkit2-devel-2.32.0-1.mga8 lib(64)javascriptcore-gir4.0-2.32.0-1.mga8 lib(64)webkit2gtk-gir4.0-2.32.0-1.mga8 from SRPM: webkit2-2.32.0-1.mga8.src.rpm
Assignee: nicolas.salguero => qa-bugs
MGA8 x86_64 Plasma. Updating is OK. No regression. MCC help runs fine. Same on Mageia 7.
CC: (none) => ouaurelien
MGA7-64 MATE on Peaq C1011 At installation, all packages install OK, except urpmi lib64webkit2-devel-2.32.0-1.mga7 The following packages can't be installed because they depend on packages that are older than the installed ones: lib64mount-devel-2.33.2-1.mga7 lib64glib2.0-devel-2.60.2-1.4.mga7 lib64webkit2-devel-2.32.0-1.mga7 Continuing test: as per bug 28370 $ zenity --calendar 13/04/21 [tester7@mach7 ~]$ zenity --calendar 21/04/21 The first one is by pressing OK on the dialogue, the second one by double clicking on the date cheosen. OK for me.
CC: (none) => herman.viaeneWhiteboard: MGA7TOO => MGA7TOO MGA7-64-OK
Since you've already installed glib2.0 and libmount from updates_testing, you need to include those devel packages if you're using QARepo.
CC: (none) => luigiwalser
Using the tests in Comment 4 to give the mga8 OK, and Comment 6 explains the issues from Comment 5. Validating. Advisory in Comment 3.
Keywords: (none) => validated_updateWhiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OKCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0181.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED