Bug 30608 - webkit2 security issues fixed upstream (WSA-2022-0006)
Summary: webkit2 security issues fixed upstream (WSA-2022-0006)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-32-OK MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-07-05 14:48 CEST by David Walser
Modified: 2022-07-12 10:33 CEST

See Also:
Source RPM: webkit2-2.36.3-1.mga8.src.rpm
CVE:
Status comment:



Description David Walser 2022-07-05 14:48:33 CEST
Upstream has issued an advisory today (July 5):
https://webkitgtk.org/security/WSA-2022-0006.html

The issues are fixed upstream in 2.36.4:
https://webkitgtk.org/2022/07/05/webkitgtk2.36.4-released.html
David Walser 2022-07-05 14:48:46 CEST

Status comment: (none) => Fixed upstream in 2.36.4

Comment 1 Nicolas Salguero 2022-07-06 12:41:19 CEST
Suggested advisory:
========================

Updated webkit2 packages fix security vulnerabilities:

The webkit2 package has been updated to version 2.36.4, fixing several security issues and other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22677
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26710
https://webkitgtk.org/2022/07/05/webkitgtk2.36.4-released.html
https://webkitgtk.org/security/WSA-2022-0006.html
========================

Updated packages in core/updates_testing:
========================
webkit2-2.36.4-1.mga8
webkit2-jsc-2.36.4-1.mga8
lib(64)webkit2gtk-gir4.0-2.36.4-1.mga8
lib(64)javascriptcore-gir4.0-2.36.4-1.mga8
lib(64)javascriptcoregtk4.0_18-2.36.4-1.mga8
lib(64)webkit2gtk4.0_37-2.36.4-1.mga8
lib(64)webkit2-devel-2.36.4-1.mga8

from SRPM:
webkit2-2.36.4-1.mga8.src.rpm

Assignee: nicolas.salguero => qa-bugs
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Status comment: Fixed upstream in 2.36.4 => (none)

Comment 2 Thomas Andrews 2022-07-06 17:02:35 CEST
Tested on Foolishness, my Dell Inspiron 5100, 32-bit Xfce system.

No installation issues. Ran Atril, loaded and displayed a pdf without issues. Tried to run MCC, but Bug 30332 is still in effect.

CC: (none) => andrewsfarm

Comment 3 Herman Viaene 2022-07-08 13:40:24 CEST
MGA8-64 Plasma on Acer Aspire 5253.
No installation issues.
Ref bug 30494 for testing:
$ zenity --calendar 

(zenity:11633): Gtk-WARNING **: 13:18:34.372: Theme parsing error: gtk.css:2:33: Failed to import: Error opening file /home/tester8/.config/gtk-3.0/window_decorations.css: No such file or directory
22/07/22
That's OK.
Used Atril to display a pdf, works OK.
I've never experienced the issue from bug 30332, so I can't judge upon that one. But TJ's input makes it clear there is no regression here, so OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 4 Thomas Andrews 2022-07-08 14:15:39 CEST
Adding the 32-bit OK, and validating. Advisory in Comment 1.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: MGA8-64-OK => MGA8-32-OK MGA8-64-OK

Dave Hodgins 2022-07-12 01:31:24 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 5 Mageia Robot 2022-07-12 10:33:48 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0254.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

