Bug 31504 - webkit2 security issues fixed upstream (WSA-2023-0001)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-02-03 01:45 CET by David Walser
Modified: 2023-02-14 23:45 CET

See Also:
Source RPM: webkit2-2.38.3-1.mga8.src.rpm
CVE:
Status comment:



Description David Walser 2023-02-03 01:45:02 CET
Upstream has issued an advisory today (February 2):
https://webkitgtk.org/security/WSA-2023-0001.html

The issues are fixed upstream in 2.38.4:
https://webkitgtk.org/2023/02/02/webkitgtk2.38.4-released.html
David Walser 2023-02-03 01:45:17 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 2.38.4

Comment 1 Nicolas Salguero 2023-02-03 15:15:38 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities and other issues.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42826
https://webkitgtk.org/security/WSA-2023-0001.html
https://webkitgtk.org/2023/02/02/webkitgtk2.38.4-released.html
========================

Updated packages in core/updates_testing:
========================
lib(64)javascriptcoregtk4.0_18-2.38.4-1.mga8
lib(64)javascriptcore-gir4.0-2.38.4-1.mga8
lib(64)webkit2gtk-gir4.0-2.38.4-1.mga8
lib(64)webkit2gtk4.0_37-2.38.4-1.mga8
lib(64)webkit2-devel-2.38.4-1.mga8
webkit2-jsc-2.38.4-1.mga8
webkit2-2.38.4-1.mga8

from SRPM:
webkit2-2.38.4-1.mga8.src.rpm

Status comment: Fixed upstream in 2.38.4 => (none)
Version: Cauldron => 8
Assignee: nicolas.salguero => qa-bugs
Source RPM: webkit2-2.38.3-2.mga9.src.rpm => webkit2-2.38.3-1.mga8.src.rpm
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)
Status: NEW => ASSIGNED

Comment 2 Thomas Andrews 2023-02-05 23:38:15 CET
No installation issues on Foolishness, my Dell Inspiron 5100, running mga8-32 Xfce. 

I installed zenity, and called up a number of dialog boxes - calendar, file selection, color selection, and info, and all worked as expected. 

Bug 30332 is still in effect, but that's not a new regression, and it only seems to affect certain hardware, so it won't stop this update. (It does seem to have been fixed in Cauldron. Bug 30865.)

CC: (none) => andrewsfarm

Comment 3 Thomas Andrews 2023-02-07 00:10:31 CET
MGA8-64 Plasma system. No installation issues.

Opened some dialog boxes with zenity, looked at a pdf file with Atril, played four-in-a-row and five-or-more, opened and used MCC. Everything worked as expected.

Giving this an OK, and validating.

Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Dave Hodgins 2023-02-14 21:26:17 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 4 Mageia Robot 2023-02-14 23:45:07 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0047.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

