29596 – webkit2 security issues fixed upstream (WSA-2021-0006)

Bug 29596 - webkit2 security issues fixed upstream (WSA-2021-0006)

Summary: webkit2 security issues fixed upstream (WSA-2021-0006)

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-10-27 13:59 CEST by Nicolas Salguero
Modified:	2021-10-29 21:33 CEST (History)
CC List:	4 users (show)

See Also:
Source RPM:	webkit2-2.32.4-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2021-10-27 13:59:01 CEST

Upstream has issued an advisory yesterday (October 26):
https://webkitgtk.org/security/WSA-2021-0006.html

The issues are fixed upstream in 2.34.1:
https://webkitgtk.org/2021/10/21/webkitgtk2.34.1-released.html

Nicolas Salguero 2021-10-27 13:59:09 CEST

Source RPM: (none) => webkit2-2.32.4-1.mga8.src.rpm

Nicolas Salguero 2021-10-27 13:59:18 CEST

Assignee: bugsquad => nicolas.salguero
CC: (none) => nicolas.salguero

Comment 1 Nicolas Salguero 2021-10-27 16:06:02 CEST

Suggested advisory:
========================

Updated webkit2 packages fix security vulnerabilities:

The webkit2 package has been updated to version 2.34.1, fixing several security issues and other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42762
https://webkitgtk.org/security/WSA-2021-0006.html
https://webkitgtk.org/2021/10/21/webkitgtk2.34.1-released.html
========================

Updated packages in core/updates_testing:
========================
webkit2-2.34.1-1.mga8
webkit2-jsc-2.34.1-1.mga8
lib(64)webkit2gtk-gir4.0-2.34.1-1.mga8
lib(64)javascriptcore-gir4.0-2.34.1-1.mga8
lib(64)javascriptcoregtk4.0_18-2.34.1-1.mga8
lib(64)webkit2gtk4.0_37-2.34.1-1.mga8
lib(64)webkit2-devel-2.34.1-1.mga8

from SRPM:
webkit2-2.34.1-1.mga8.src.rpm

Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs

Comment 2 Thomas Andrews 2021-10-28 01:11:39 CEST

In VirtualBox, MGA8-64 Plasma:

No installation issues. Borrowing Herman's classic test from many previous updates...

$ zenity --calendar

Calendar dialog opened, selected a random date

11/25/2021

Looks OK here. Validating. Advisory in Comment 1.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2021-10-29 18:43:22 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 3 Mageia Robot 2021-10-29 21:33:46 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0498.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.