Bug 30777 - webkit2 security issues fixed upstream (WSA-2022-0008)
Summary: webkit2 security issues fixed upstream (WSA-2022-0008)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-32-OK MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-08-26 17:12 CEST by David Walser
Modified: 2022-09-02 22:00 CEST

See Also:
Source RPM: webkit2-2.36.6-1.mga8.src.rpm
CVE:
Status comment:


Description David Walser 2022-08-26 17:12:56 CEST
Upstream has issued an advisory today (July 28):
https://webkitgtk.org/security/WSA-2022-0008.html

The issues are fixed upstream in 2.36.7:
https://webkitgtk.org/2022/08/24/webkitgtk2.36.7-released.html
Comment 1 Nicolas Salguero 2022-08-29 13:18:51 CEST
Suggested advisory:
========================

The updated packages fix a security vulnerability and other issues.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32893
https://webkitgtk.org/security/WSA-2022-0008.html
https://webkitgtk.org/2022/08/24/webkitgtk2.36.7-released.html
========================

Updated packages in core/updates_testing:
========================
lib(64)javascriptcoregtk4.0_18-2.36.7-1.mga8
lib(64)javascriptcore-gir4.0-2.36.7-1.mga8
lib(64)webkit2gtk4.0_37-2.36.7-1.mga8
lib(64)webkit2gtk-gir4.0-2.36.7-1.mga8
lib(64)webkit2-devel-2.36.7-1.mga8
webkit2-2.36.7-1.mga8
webkit2-jsc-2.36.7-1.mga8.x86_64.rpm

from SRPM:
webkit2-2.36.7-1.mga8.src.rpm

Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs
CC: (none) => nicolas.salguero

Comment 2 Morgan Leijström 2022-08-29 17:43:22 CEST
Clean update of the three packages this system had, to
webkit2-2.36.7-1.mga8
lib(64)webkit2gtk4.0_37-2.36.7-1.mga8
lib(64)webkit2gtk-gir4.0-2.36.7-1.mga8

reboot, just in case...

Tested OK a few applications: drakconf, midori, gcad3d, ristretto, scratch

CC: (none) => fri

Comment 3 Thomas Andrews 2022-09-02 02:46:28 CEST
Tested on a Probook 6550b MGA8-64 Plasma system, and a MGA8-32 Xfce system on the same hardware. No installation issues on either system.

Used Herman's standard test first: "zenity --calendar". This produced a small calendar from which I could select a date. 

drakconf displays correctly on both systems. This is not to say that Bug 30332 has been resolved, only that this hardware is not affected, and nothing new went wrong.

Decided to try something new this time. "urpmq --whatrequires-recursive webkit2" produced a lengthy list, including a couple of simple Gnome puzzle games, four-in-a-row and five-or-more. I tried both games on both systems, with no issues.

OKing this, and validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA8-32-OK MGA8-64-OK

Dave Hodgins 2022-09-02 19:19:49 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 4 Mageia Robot 2022-09-02 22:00:49 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0317.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

