31854 – webkit2 security issues fixed upstream (WSA-2023-0003)

Bug 31854 - webkit2 security issues fixed upstream (WSA-2023-0003)

Summary: webkit2 security issues fixed upstream (WSA-2023-0003)

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2023-05-01 16:42 CEST by David Walser
Modified:	2023-05-21 10:44 CEST (History)
CC List:	5 users (show)

See Also:
Source RPM:	webkit2-2.38.5-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2023-05-01 16:42:22 CEST

Upstream has issued an advisory on April 21:
https://webkitgtk.org/security/WSA-2023-0003.html

The issues are fixed upstream in 2.38.6:
https://webkitgtk.org/2023/04/20/webkitgtk2.38.6-released.html

David Walser 2023-05-01 16:42:31 CEST

Status comment: (none) => Fixed upstream in 2.38.6

Comment 1 Nicolas Salguero 2023-05-10 09:24:41 CEST

Suggested advisory:
========================

The updated packages fix a security vulnerability and other issues.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28205
https://webkitgtk.org/security/WSA-2023-0003.html
https://webkitgtk.org/2023/04/20/webkitgtk2.38.6-released.html
========================

Updated packages in core/updates_testing:
========================
lib(64)javascriptcoregtk4.0_18-2.38.6-1.mga8
lib(64)javascriptcore-gir4.0-2.38.6-1.mga8
lib(64)webkit2gtk-gir4.0-2.38.6-1.mga8
lib(64)webkit2gtk4.0_37-2.38.6-1.mga8
lib(64)webkit2-devel-2.38.6-1.mga8
webkit2-jsc-2.38.6-1.mga8
webkit2-2.38.6-1.mga8

from SRPM:
webkit2-2.38.6-1.mga8.src.rpm

CC: (none) => nicolas.salguero
Status comment: Fixed upstream in 2.38.6 => (none)
Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED

Comment 2 Herman Viaene 2023-05-17 10:42:29 CEST

MGA8-64 MATE on Acer Aspire 5253
No installation issues
Ref bugs 30866 and 31330 for testing:
zenity --calendar

(zenity:4972): Gtk-WARNING **: 10:22:21.855: Theme parsing error: gtk.css:2:33: Failed to import: Error opening file /home/tester8/.config/gtk-3.0/window_decorations.css: No such file or directory
20/05/23
Opened a few pdf's with atril, rummaged around in MCC, no problems.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 3 Thomas Andrews 2023-05-17 13:54:11 CEST

Validating. Advisory in comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-05-21 03:05:10 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 4 Mageia Robot 2023-05-21 10:44:21 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0177.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.