Bug 29479 - webkit2 security issues fixed upstream (WSA-2021-0005)
Summary: webkit2 security issues fixed upstream (WSA-2021-0005)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-09-20 18:36 CEST by David Walser
Modified: 2021-09-29 19:24 CEST (History)
5 users (show)

See Also:
Source RPM: webkit2-2.32.3-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-09-20 18:36:59 CEST 
Upstream has issued an advisory today (September 20):
https://webkitgtk.org/security/WSA-2021-0005.html

The issues are fixed upstream in 2.32.4:
https://webkitgtk.org/2021/09/17/webkitgtk2.32.4-released.html

Mageia 8 is also affected.
David Walser 2021-09-20 18:37:17 CEST

Status comment: (none) => Fixed upstream in 2.23.4
CC: (none) => nicolas.salguero
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2021-09-20 20:06:09 CEST 
This SRPM has no registered nor consistent maintainer, so assigning this update globally.
CC'ing wally because you have done several recent 'surrounding' corrections.

CC: (none) => jani.valimaa
Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2021-09-21 10:31:05 CEST 
Suggested advisory:
========================

Updated webkit2 packages fix security vulnerabilities:

The webkit2 package has been updated to version 2.32.4, fixing several security issues and other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30858
https://webkitgtk.org/security/WSA-2021-0005.html
https://webkitgtk.org/2021/09/17/webkitgtk2.32.4-released.html
========================

Updated packages in core/updates_testing:
========================
webkit2-2.32.4-1.mga8
webkit2-jsc-2.32.4-1.mga8
lib(64)webkit2gtk-gir4.0-2.32.4-1.mga8
lib(64)javascriptcore-gir4.0-2.32.4-1.mga8
lib(64)javascriptcoregtk4.0_18-2.32.4-1.mga8
lib(64)webkit2gtk4.0_37-2.32.4-1.mga8
lib(64)webkit2-devel-2.32.4-1.mga8

from SRPM:
webkit2-2.32.4-1.mga8.src.rpm

Version: Cauldron => 8
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
Status comment: Fixed upstream in 2.23.4 => (none)
Whiteboard: MGA8TOO => (none)

Comment 3 Herman Viaene 2021-09-23 14:05:33 CEST 
MGA8-64 Plasma on Lenovo B50
No installation issues.
Similar to previous updates:
$ zenity --calendar

(zenity:9221): Gtk-WARNING **: 14:00:20.937: Theme parsing error: gtk.css:2:33: Failed to import: Error when opeining file /home/tester8/.config/gtk-3.0/window_decorations.css: File or folder does not exist
-- click on 21/10/2021, displays
21-10-21
OK for me.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 4 Thomas Andrews 2021-09-23 21:52:35 CEST 
Validating. Advisory in Comment 2.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Thomas Backlund 2021-09-29 18:23:00 CEST

Keywords: (none) => advisory

Comment 5 Mageia Robot 2021-09-29 19:24:09 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0447.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.