30777 – webkit2 security issues fixed upstream (WSA-2022-0008)

Bug 30777 - webkit2 security issues fixed upstream (WSA-2022-0008)

Summary: webkit2 security issues fixed upstream (WSA-2022-0008)

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-32-OK MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2022-08-26 17:12 CEST by David Walser
Modified:	2022-09-02 22:00 CEST (History)
CC List:	5 users (show)

See Also:
Source RPM:	webkit2-2.36.6-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-08-26 17:12:56 CEST

Upstream has issued an advisory today (July 28):
https://webkitgtk.org/security/WSA-2022-0008.html

The issues are fixed upstream in 2.36.7:
https://webkitgtk.org/2022/08/24/webkitgtk2.36.7-released.html

Comment 1 Nicolas Salguero 2022-08-29 13:18:51 CEST

Suggested advisory:
========================

The updated packages fix a security vulnerability and other issues.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32893
https://webkitgtk.org/security/WSA-2022-0008.html
https://webkitgtk.org/2022/08/24/webkitgtk2.36.7-released.html
========================

Updated packages in core/updates_testing:
========================
lib(64)javascriptcoregtk4.0_18-2.36.7-1.mga8
lib(64)javascriptcore-gir4.0-2.36.7-1.mga8
lib(64)webkit2gtk4.0_37-2.36.7-1.mga8
lib(64)webkit2gtk-gir4.0-2.36.7-1.mga8
lib(64)webkit2-devel-2.36.7-1.mga8
webkit2-2.36.7-1.mga8
webkit2-jsc-2.36.7-1.mga8.x86_64.rpm

from SRPM:
webkit2-2.36.7-1.mga8.src.rpm

Status: NEW => ASSIGNED
Assignee: nicolas.salguero => qa-bugs
CC: (none) => nicolas.salguero

Comment 2 Morgan Leijström 2022-08-29 17:43:22 CEST

_Clean update of the three packages this system had, to
webkit2-2.36.7-1.mga8
lib(64)webkit2gtk4.0_37-2.36.7-1.mga8
lib(64)webkit2gtk-gir4.0-2.36.7-1.mga8

reboot, just in case...

Tested OK a few applications: drakconf, midori, gcad3d, ristretto, scratch

CC: (none) => fri

Comment 3 Thomas Andrews 2022-09-02 02:46:28 CEST

Tested on a Probook 6550b MGA8-64 Plasma system, and a MGA8-32 Xfce system on the same hardware. No installation issues on either system.

Used Herman's standard test first: "zenity --calendar". This produced a small calendar from which I could select a date. 

drakconf displays correctly on both systems. This is not to say that Bug 30332 has been resolved, only that this hardware is not affected, and nothing new went wrong.

Decided to try something new this time. "urpmq --whatrequires-recursive webkit2" produced a lengthy list, including a couple of simple Gnome puzzle games, four-in-a-row and five-or-more. I tried both games on both systems, with no issues.

OKing this, and validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA8-32-OK MGA8-64-OK

Dave Hodgins 2022-09-02 19:19:49 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 4 Mageia Robot 2022-09-02 22:00:49 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0317.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.