Bug 33513 - webkit2 security issues fixed upstream (WSA-2024-0004, WSA-2024-0005, WSA-2024-0006)
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: High normal
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard: MGA9TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2024-09-02 12:48 CEST by Nicolas Salguero
Modified: 2024-11-04 10:09 CET

See Also:
Source RPM: webkit2-2.44.2-2.mga10.src.rpm
CVE: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-4558, CVE-2024-23271, CVE-2024-27808, CVE-2024-27820, CVE-2024-27833, CVE-2024-27838, CVE-2024-27851, CVE-2024-40866, CVE-2024-44187, CVE-2024-44185, CVE-2024-44244, CVE-2024-44296
Status comment:



Description Nicolas Salguero 2024-09-02 12:48:08 CEST
Upstream has issued an advisory on August 17:
https://webkitgtk.org/security/WSA-2024-0004.html


The issues are fixed upstream in 2.44.3:
https://webkitgtk.org/2024/08/13/webkitgtk2.44.3-released.html

Nicolas Salguero 2024-09-02 12:49:17 CEST

CVE: (none) => CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-4558
Source RPM: (none) => webkit2-2.44.2-2.mga10.src.rpm
Whiteboard: (none) => MGA9TOO

Comment 1 Marja Van Waes 2024-09-04 08:12:52 CEST
No registered maintainer, so assigning to all.
CC'ing daviddavid, who was the last one to touch this package

Assignee: bugsquad => pkg-bugs
CC: (none) => geiger.david68210, marja11

Comment 2 Nicolas Salguero 2024-09-18 09:16:27 CEST
Upstream has released 2.44.4:
https://webkitgtk.org/release/webkitgtk-2.44.4.html

Comment 3 Nicolas Salguero 2024-09-20 11:47:14 CEST
Upstream has released 2.46.0:
https://webkitgtk.org/2024/09/17/webkitgtk2.46.0-released.html

Comment 4 Morgan Leijström 2024-09-23 00:25:26 CEST
Upping priority because dependency of already shipped icu Bug 33553

Priority: Normal => High
CC: (none) => fri

Comment 5 Nicolas Salguero 2024-09-26 13:42:18 CEST
Upstream has issued an advisory on September 25:
https://webkitgtk.org/security/WSA-2024-0005.html

CVE: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-4558 => CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-4558, CVE-2024-23271, CVE-2024-27808, CVE-2024-27820, CVE-2024-27833, CVE-2024-27838, CVE-2024-27851, CVE-2024-40866, CVE-2024-44187
Summary: webkit2 security issue fixed upstream (WSA-2024-0004) => webkit2 security issues fixed upstream (WSA-2024-0004, WSA-2024-0005)

Comment 6 Nicolas Salguero 2024-10-01 15:09:31 CEST
Upstream has released 2.46.1:
https://webkitgtk.org/2024/09/30/webkitgtk2.46.1-released.html

Comment 7 Nicolas Salguero 2024-10-23 09:29:56 CEST
Upstream has released 2.46.2:
https://webkitgtk.org/2024/10/21/webkitgtk2.46.2-released.html

Comment 8 Nicolas Salguero 2024-11-04 10:09:37 CET
Upstream has released 2.46.3:
https://webkitgtk.org/2024/10/30/webkitgtk2.46.3-released.html

Upstream has issued an advisory on October 31:
https://webkitgtk.org/security/WSA-2024-0006.html

Summary: webkit2 security issues fixed upstream (WSA-2024-0004, WSA-2024-0005) => webkit2 security issues fixed upstream (WSA-2024-0004, WSA-2024-0005, WSA-2024-0006)
CVE: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-4558, CVE-2024-23271, CVE-2024-27808, CVE-2024-27820, CVE-2024-27833, CVE-2024-27838, CVE-2024-27851, CVE-2024-40866, CVE-2024-44187 => CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-4558, CVE-2024-23271, CVE-2024-27808, CVE-2024-27820, CVE-2024-27833, CVE-2024-27838, CVE-2024-27851, CVE-2024-40866, CVE-2024-44187, CVE-2024-44185, CVE-2024-44244, CVE-2024-44296