Upstream has issued an advisory today (February 17): https://webkitgtk.org/security/WSA-2022-0003.html Updates submitted to the build system. Package list will be: i586: libjavascriptcore-gir4.0-2.34.6-1.mga8.i586.rpm libjavascriptcoregtk4.0_18-2.34.6-1.mga8.i586.rpm libwebkit2-devel-2.34.6-1.mga8.i586.rpm libwebkit2gtk4.0_37-2.34.6-1.mga8.i586.rpm libwebkit2gtk-gir4.0-2.34.6-1.mga8.i586.rpm webkit2-2.34.6-1.mga8.i586.rpm webkit2-jsc-2.34.6-1.mga8.i586.rpm x86_64: lib64javascriptcore-gir4.0-2.34.6-1.mga8.x86_64.rpm lib64javascriptcoregtk4.0_18-2.34.6-1.mga8.x86_64.rpm lib64webkit2-devel-2.34.6-1.mga8.x86_64.rpm lib64webkit2gtk4.0_37-2.34.6-1.mga8.x86_64.rpm lib64webkit2gtk-gir4.0-2.34.6-1.mga8.x86_64.rpm webkit2-2.34.6-1.mga8.x86_64.rpm webkit2-jsc-2.34.6-1.mga8.x86_64.rpm from SRPM: webkit2-2.34.6-1.mga8.src.rpm
This update should also fix bug 30041
Blocks: (none) => 30041
CVE-2022-22620 is being fixed. Reference for 2.34.6 release: https://webkitgtk.org/2022/02/17/webkitgtk2.34.6-released.html
Tested with epiphany and evolution on an x86_64 system using startx (where they worked before the update) and on an rpi 4b system using gdm where they didn't. Validating the update. Advisory committed to svn.
CC: (none) => davidwhodgins, sysadmin-bugsWhiteboard: (none) => MGA8-64-OKKeywords: (none) => advisory, validated_update
Unvalidating for now, I'd like confirmation from bug 30041 affected users that it actually fixes that issue too...
Keywords: validated_update => (none)
Also posted in bug 30041 Updated the three webkit packages from updates_testing. Plasma x86_64 Epiphany opens correctly (opened some sites and surfed a little bit, all ok) Evolution opens correctlty (did some settings and test setups, all ok) MGA8 64bit OK
To be more precise, installed lib64webkit2gtk4.0_37-2.34.6-1.mga8.x86_64.rpm lib64webkit2gtk-gir4.0-2.34.6-1.mga8.x86_64.rpm webkit2-2.34.6-1.mga8.x86_64.rpm
several confirmations on bug 30041 that this update fixes the issue. re-validating and flushing out
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0075.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED