Upstream has issued an advisory on June 29: https://webkitgtk.org/security/WSA-2023-0005.html The issues are fixed upstream in 2.40.3: https://webkitgtk.org/2023/06/28/webkitgtk2.40.3-released.html
Source RPM: (none) => webkit2-2.40.2-1.mga8.src.rpmCC: (none) => nicolas.salgueroAssignee: bugsquad => nicolas.salgueroWhiteboard: (none) => MGA8TOO
Summary: webkit2security issues fixed upstream (WSA-2023-0005) => webkit2 new ecurity issues fixed upstream (WSA-2023-0005)
Summary: webkit2 new ecurity issues fixed upstream (WSA-2023-0005) => webkit2 new security issues fixed upstream (WSA-2023-0005)
Suggested advisory: ======================== The updated packages fix security vulnerabilities and other issues. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48503 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32435 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32439 https://webkitgtk.org/security/WSA-2023-0005.html https://webkitgtk.org/2023/06/28/webkitgtk2.40.3-released.html ======================== Updated packages in core/updates_testing: ======================== lib(64)javascriptcoregtk4.0_18-2.40.3-1.mga8 lib(64)javascriptcore-gir4.0-2.40.3-1.mga8 lib(64)webkit2gtk4.0_37-2.40.3-1.mga8 lib(64)webkit2gtk-gir4.0-2.40.3-1.mga8 lib(64)webkit2-devel-2.40.3-1.mga8 webkit2-2.40.3-1.mga8 webkit2-jsc-2.40.3-1.mga8 from SRPM: webkit2-2.40.3-1.mga8.src.rpm
Status: NEW => ASSIGNEDAssignee: nicolas.salguero => qa-bugsVersion: Cauldron => 8Whiteboard: MGA8TOO => (none)
Version: 8 => CauldronWhiteboard: (none) => MGA8TOO
Version: Cauldron => 8Whiteboard: MGA8TOO => (none)
MGA8-64 Plasma VirtualBox guest. No installation issues. After checking one of the libraries with urpmq, and getting a very long list of packages that are dependent on it, I ran rpmdrake (one of those dependent) to install some. I installed zenity, atril, and lutris. There were no issues with the installations, so rpmdrake is working OK. Zenity and Atril both function as they should. Lutris gave me a warning that "Vulkan" wasn't installed, so i386 games would not be available. After checking with drakrpm-edit-media (another test) I confirmed that the i586 repos were disabled, which is probably the reason for that warning. The lutris gui came up anyway, but it couldn't find any games (as I had been warned), so that's as far as I got with that one. All in all, I believe this is working as designed in this guest.
CC: (none) => andrewsfarm
MGA8-64 Gnome VirtualBox guest. No installation issues. Checked Atril, Epiphany, Evolution, and zenity with no apparent issues. Also, on Foolishness, a Dell Inspiron 5100, MGA8-32 Xfce system using the desktop kernel, no installation issues there, either. Tried several apps there, and there are no new regressions. Giving this an OK on both arches. Validating. Advisory in comment 1.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: (none) => MGA8-32-OK MGA8-64-OK
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0229.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED