Upstream has issued an advisory today (September 19): https://webkitgtk.org/security/WSA-2022-0009.html The issues are fixed upstream in 2.36.8: https://webkitgtk.org/2022/09/16/webkitgtk2.36.8-released.html
Suggested advisory:
========================

The updated packages fix a security vulnerability and other issues.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32886
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32912
https://webkitgtk.org/security/WSA-2022-0009.html
https://webkitgtk.org/2022/09/16/webkitgtk2.36.8-released.html
========================

Updated packages in core/updates_testing:
========================
lib(64)javascriptcoregtk4.0_18-2.36.8-1.mga8
lib(64)javascriptcore-gir4.0-2.36.8-1.mga8
lib(64)webkit2gtk4.0_37-2.36.8-1.mga8
lib(64)webkit2gtk-gir4.0-2.36.8-1.mga8
lib(64)webkit2-devel-2.36.8-1.mga8
webkit2-2.36.8-1.mga8
webkit2-jsc-2.36.8-1.mga8.x86_64.rpm

from SRPM:
webkit2-2.36.8-1.mga8.src.rpm

Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
For CVE-2022-32912, WSA-2022-0009 states "This issue only affects MacOS builds (Linux builds are not affected).".
CC: (none) => davidwhodgins
(i586 users, use "webkit2-jsc-2.36.8-1.mga8" in Qarepo.) Checked in Foolishness, my 32-bit Dell Inspiron 5100, P4, Radeon RV200 graphics, 32-bit Xfce system. No installation issues. This update does not affect Bug 30332 on this hardware. MCC (drakconf) still comes up with a blank, unresponsive area.
CC: (none) => andrewsfarm
MGA8 64 XFCE with Nvidia graphic card 520M. Updated with QA repo. No installation issues. MCC (drakconf) still comes up with a blank, unresponsive area here too.
CC: (none) => guillaume.royer
Tested in a mga8-64 Plasma guest in VirtualBox. No installation issues. No change in behavior of MCC. If 3D acceleration is enabled, MCC works as designed. If it is disabled, the first time it comes up with a blank screen, but if you click on it the text appears and is responsive. Using my test from Bug 30777, "zenity --calendar" works, as do the games four-in-a-row and five-in-line. So, other than the problem of Bug 30332, this update appears to be working as designed.
Since this is a security update, and no new regressions have surfaced, and remembering that we have approved several webkit2 security updates since Bug 30332 was reported, I'm somewhat reluctantly going to give this one an OK, too. Validating. Advisory in Comment 1.
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0346.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED