Bug 31330 - webkit2 security issues fixed upstream (WSA-2022-0011)
Summary: webkit2 security issues fixed upstream (WSA-2022-0011)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK MGA8-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-12-27 16:20 CET by David Walser
Modified: 2022-12-30 23:40 CET

See Also:
Source RPM: webkit2-2.38.2-1.mga8.src.rpm
CVE:
Status comment:



Description David Walser 2022-12-27 16:20:19 CET
Upstream has issued an advisory on December 26:
https://webkitgtk.org/security/WSA-2022-0011.html

The issues are fixed upstream in 2.38.3:
https://webkitgtk.org/2022/12/22/webkitgtk2.38.3-released.html
David Walser 2022-12-27 16:20:54 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 2.38.3
CC: (none) => nicolas.salguero

Comment 1 Lewis Smith 2022-12-27 20:16:52 CET
Hope it is all right NicolasS to change your CC to assigned. You committed version 2.38.2, and this is a similar exercise.

Assignee: bugsquad => nicolas.salguero
CC: nicolas.salguero => (none)

Comment 2 Nicolas Salguero 2022-12-28 15:41:47 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities and other issues.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46691
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46700
https://webkitgtk.org/security/WSA-2022-0011.html
https://webkitgtk.org/2022/12/22/webkitgtk2.38.3-released.html
========================

Updated packages in core/updates_testing:
========================
lib(64)javascriptcoregtk4.0_18-2.38.3-1.mga8
lib(64)javascriptcore-gir4.0-2.38.3-1.mga8
lib(64)webkit2gtk-gir4.0-2.38.3-1.mga8
lib(64)webkit2gtk4.0_37-2.38.3-1.mga8
lib(64)webkit2-devel-2.38.3-1.mga8
webkit2-jsc-2.38.3-1.mga8
webkit2-2.38.3-1.mga8

from SRPM:
webkit2-2.38.3-1.mga8.src.rpm

Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 2.38.3 => (none)
Version: Cauldron => 8

Comment 3 Herman Viaene 2022-12-29 10:14:52 CET
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Ref bugs 31076 and 30866, testing by exercising MCC in each of the main sections, all works OK.
Giving someone (TJ?) the chance to try the 32-bit version as this had some problems in the referred previous bugs.

CC: (none) => herman.viaene

Comment 4 Dave Hodgins 2022-12-29 18:56:32 CET
Using an i586 vb guest, used qarepo to install
(medium "QA Testing (32-bit)")
  libjavascriptcore-gir4.0       2.38.3       1.mga8        i586    
  libjavascriptcoregtk4.0_18     2.38.3       1.mga8        i586    
  libwebkit2gtk-gir4.0           2.38.3       1.mga8        i586    
  libwebkit2gtk4.0_37            2.38.3       1.mga8        i586    
  webkit2                        2.38.3       1.mga8        i586

mcc and firefox still work. Just to be sure, rebooted and confirmed they still work.

Validating the update.

Whiteboard: (none) => MGA8-64-OK MGA8-32-OK
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Dave Hodgins 2022-12-30 21:52:29 CET

Keywords: (none) => advisory

Comment 5 Mageia Robot 2022-12-30 23:40:48 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0486.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

