Upstream has issued an advisory today (July 28): https://webkitgtk.org/security/WSA-2022-0008.html The issues are fixed upstream in 2.36.7: https://webkitgtk.org/2022/08/24/webkitgtk2.36.7-released.html
Suggested advisory: ======================== The updated packages fix a security vulnerability and other issues. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32893 https://webkitgtk.org/security/WSA-2022-0008.html https://webkitgtk.org/2022/08/24/webkitgtk2.36.7-released.html ======================== Updated packages in core/updates_testing: ======================== lib(64)javascriptcoregtk4.0_18-2.36.7-1.mga8 lib(64)javascriptcore-gir4.0-2.36.7-1.mga8 lib(64)webkit2gtk4.0_37-2.36.7-1.mga8 lib(64)webkit2gtk-gir4.0-2.36.7-1.mga8 lib(64)webkit2-devel-2.36.7-1.mga8 webkit2-2.36.7-1.mga8 webkit2-jsc-2.36.7-1.mga8.x86_64.rpm from SRPM: webkit2-2.36.7-1.mga8.src.rpm
Status: NEW => ASSIGNEDAssignee: nicolas.salguero => qa-bugsCC: (none) => nicolas.salguero
_Clean update of the three packages this system had, to webkit2-2.36.7-1.mga8 lib(64)webkit2gtk4.0_37-2.36.7-1.mga8 lib(64)webkit2gtk-gir4.0-2.36.7-1.mga8 reboot, just in case... Tested OK a few applications: drakconf, midori, gcad3d, ristretto, scratch
CC: (none) => fri
Tested on a Probook 6550b MGA8-64 Plasma system, and a MGA8-32 Xfce system on the same hardware. No installation issues on either system. Used Herman's standard test first: "zenity --calendar". This produced a small calendar from which I could select a date. drakconf displays correctly on both systems. This is not to say that Bug 30332 has been resolved, only that this hardware is not affected, and nothing new went wrong. Decided to try something new this time. "urpmq --whatrequires-recursive webkit2" produced a lengthy list, including a couple of simple Gnome puzzle games, four-in-a-row and five-or-more. I tried both games on both systems, with no issues. OKing this, and validating. Advisory in Comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugsWhiteboard: (none) => MGA8-32-OK MGA8-64-OK
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0317.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED