Bug 29282 - webkit2 security issues fixed upstream (WSA-2021-0004)
Summary: webkit2 security issues fixed upstream (WSA-2021-0004)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on: 29339
Blocks:
 
Reported: 2021-07-23 21:36 CEST by David Walser
Modified: 2021-08-14 16:01 CEST

See Also:
Source RPM: webkit2-2.32.1-1.mga8.src.rpm
CVE:
Status comment:



Description David Walser 2021-07-23 21:36:56 CEST
Upstream has issued an advisory today (July 23):
https://webkitgtk.org/security/WSA-2021-0004.html

The issues are fixed upstream in 2.32.3:
https://webkitgtk.org/2021/07/23/webkitgtk2.32.3-released.html

There was an intermediate bugfix release since our last update:
https://webkitgtk.org/2021/07/09/webkitgtk2.32.2-released.html

Update committed to SVN, but build failed in Cauldron:
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20210723192827.luigiwalser.duvel.48826/log/webkit2-2.32.3-1.mga9/build.aarch64.0.20210723192917.log

Suggested advisory:
========================

Updated webkit2 packages fix security vulnerabilities:

The webkit2 package has been updated to version 2.32.3, fixing several security issues and other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30799
https://webkitgtk.org/2021/07/09/webkitgtk2.32.2-released.html
https://webkitgtk.org/2021/07/23/webkitgtk2.32.3-released.html
https://webkitgtk.org/security/WSA-2021-0004.html
========================

Updated packages in core/updates_testing:
========================
libjavascriptcore-gir4.0-2.32.3-1.mga8
libjavascriptcoregtk4.0_18-2.32.3-1.mga8
libwebkit2-devel-2.32.3-1.mga8
libwebkit2gtk-gir4.0-2.32.3-1.mga8
libwebkit2gtk4.0_37-2.32.3-1.mga8
webkit2-2.32.3-1.mga8
webkit2-jsc-2.32.3-1.mga8

from webkit2-2.32.3-1.mga8.src.rpm
David Walser 2021-07-23 21:37:17 CEST

Whiteboard: (none) => MGA8TOO

Comment 1 David Walser 2021-07-29 23:28:32 CEST
Ubuntu has issued an advisory for this on July 28:
https://ubuntu.com/security/notices/USN-5024-1
David Walser 2021-08-07 19:22:42 CEST

Depends on: (none) => 29339

David Walser 2021-08-08 16:02:02 CEST

Whiteboard: MGA8TOO => (none)
Assignee: nicolas.salguero => qa-bugs
Version: Cauldron => 8

Comment 2 Herman Viaene 2021-08-09 15:01:10 CEST
MGA8-64 Plasma on Lenovo B50
No installation issues.
As in previous updates:
 zenity --calendar
-- click on 20/8/2021, displays
20-08-21
OK for me.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 3 Thomas Andrews 2021-08-11 13:45:20 CEST
Validating. Advisory in Comment 0.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2021-08-14 13:01:14 CEST

Keywords: (none) => advisory

Comment 4 Mageia Robot 2021-08-14 16:01:42 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0400.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

