Upstream has issued an advisory today (July 23): https://webkitgtk.org/security/WSA-2021-0004.html The issues are fixed upstream in 2.32.3: https://webkitgtk.org/2021/07/23/webkitgtk2.32.3-released.html There was an intermediate bugfix release since our last update: https://webkitgtk.org/2021/07/09/webkitgtk2.32.2-released.html Update committed to SVN, but build failed in Cauldron: http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20210723192827.luigiwalser.duvel.48826/log/webkit2-2.32.3-1.mga9/build.aarch64.0.20210723192917.log Suggested advisory: ======================== Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.32.3, fixing several security issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21775 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21779 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30663 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30665 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30689 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30720 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30734 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30744 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30749 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30758 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30795 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30797 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30799 https://webkitgtk.org/2021/07/09/webkitgtk2.32.2-released.html https://webkitgtk.org/2021/07/23/webkitgtk2.32.3-released.html https://webkitgtk.org/security/WSA-2021-0004.html ======================== Updated packages in core/updates_testing: ======================== libjavascriptcore-gir4.0-2.32.3-1.mga8 libjavascriptcoregtk4.0_18-2.32.3-1.mga8 libwebkit2-devel-2.32.3-1.mga8 libwebkit2gtk-gir4.0-2.32.3-1.mga8 libwebkit2gtk4.0_37-2.32.3-1.mga8 webkit2-2.32.3-1.mga8 webkit2-jsc-2.32.3-1.mga8 from webkit2-2.32.3-1.mga8.src.rpm
Whiteboard: (none) => MGA8TOO
Ubuntu has issued an advisory for this on July 28: https://ubuntu.com/security/notices/USN-5024-1
Depends on: (none) => 29339
Whiteboard: MGA8TOO => (none)Assignee: nicolas.salguero => qa-bugsVersion: Cauldron => 8
MGA8-64 Plasma on Lenovo B50 No installation issues. As in previous updates: zenity --calendar -- click on 20/8/2021,displays 20-08-21 OK fpr me.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 0.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0400.html
Status: NEW => RESOLVEDResolution: (none) => FIXED