Upstream has issued an advisory today (April 8):
The issues are fixed upstream in 2.36.0:
Fixed upstream i 2.36.0
We already (just) have version 2.36.0 in Cauldron thanks to ns80, so it seems sensible to assign this update to you.
Updated webkit2 packages fix security vulnerabilities:
The webkit2 package has been updated to version 2.36.0, fixing several security issues and other bugs.
Updated packages in core/updates_testing:
Fixed upstream i 2.36.0 =>
Tested in a Gnome Vbox guest. No installation issues.
Referred to bug 30018 and Bug 30064 for tests:
$ zenity --calendar Used the mouse to select a date, which was reported back to the command line.
Ran Atril and loaded a pdf, looked OK
Ran Evolution and Epiphany, both GUIs came up normally.
Looks OK in Gnome.
Tested with a Plasma install on real 64-bit hardware. No installation issues.
This install does not include Evolution or Epiphany, but the zenity calendar and Atril both work OK.
Giving this a 64-bit OK, and validating. Advisory in Comment 2.
An update for this issue has been pushed to the Mageia Updates repository.