Bug 33513 - webkit2 security issues fixed upstream (WSA-2024-000[4-8] and WSA-2025-000[12])
Summary: webkit2 security issues fixed upstream (WSA-2024-000[4-8] and WSA-2025-000[12])
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: High major
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard: MGA9TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2024-09-02 12:48 CEST by Nicolas Salguero
Modified: 2025-03-21 08:38 CET

See Also:
Source RPM: webkit2-2.46.5-1.mga10.src.rpm, webkit2-2.44.2-1.mga9.src.rpm
CVE: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-4558, CVE-2024-23271, CVE-2024-27808, CVE-2024-27820, CVE-2024-27833, CVE-2024-27838, CVE-2024-27851, CVE-2024-40866, CVE-2024-44187, CVE-2024-44185, CVE-2024-44244, CVE-2024-44296
Status comment:

Description Nicolas Salguero 2024-09-02 12:48:08 CEST
Upstream has issued an advisory on August 17:
https://webkitgtk.org/security/WSA-2024-0004.html

The issues are fixed upstream in 2.44.3:
https://webkitgtk.org/2024/08/13/webkitgtk2.44.3-released.html

Nicolas Salguero 2024-09-02 12:49:17 CEST

Source RPM: (none) => webkit2-2.44.2-2.mga10.src.rpm
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-4558

Comment 1 Marja Van Waes 2024-09-04 08:12:52 CEST
No registered maintainer, so assigning to all.
CC'ing daviddavid, who was the last one to touch this package

Assignee: bugsquad => pkg-bugs
CC: (none) => geiger.david68210, marja11

Comment 2 Nicolas Salguero 2024-09-18 09:16:27 CEST
Upstream has released 2.44.4:
https://webkitgtk.org/release/webkitgtk-2.44.4.html

Comment 3 Nicolas Salguero 2024-09-20 11:47:14 CEST
Upstream has released 2.46.0:
https://webkitgtk.org/2024/09/17/webkitgtk2.46.0-released.html

Comment 4 Morgan Leijström 2024-09-23 00:25:26 CEST
Upping priority because dependency of already shipped icu Bug 33553

Priority: Normal => High
CC: (none) => fri

Comment 5 Nicolas Salguero 2024-09-26 13:42:18 CEST
Upstream has issued an advisory on September 25:
https://webkitgtk.org/security/WSA-2024-0005.html

Summary: webkit2 security issue fixed upstream (WSA-2024-0004) => webkit2 security issues fixed upstream (WSA-2024-0004, WSA-2024-0005)
CVE: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-4558 => CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-4558, CVE-2024-23271, CVE-2024-27808, CVE-2024-27820, CVE-2024-27833, CVE-2024-27838, CVE-2024-27851, CVE-2024-40866, CVE-2024-44187

Comment 6 Nicolas Salguero 2024-10-01 15:09:31 CEST
Upstream has released 2.46.1:
https://webkitgtk.org/2024/09/30/webkitgtk2.46.1-released.html

Comment 7 Nicolas Salguero 2024-10-23 09:29:56 CEST
Upstream has released 2.46.2:
https://webkitgtk.org/2024/10/21/webkitgtk2.46.2-released.html

Comment 8 Nicolas Salguero 2024-11-04 10:09:37 CET
Upstream has released 2.46.3:
https://webkitgtk.org/2024/10/30/webkitgtk2.46.3-released.html

Upstream has issued an advisory on October 31:
https://webkitgtk.org/security/WSA-2024-0006.html

CVE: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-4558, CVE-2024-23271, CVE-2024-27808, CVE-2024-27820, CVE-2024-27833, CVE-2024-27838, CVE-2024-27851, CVE-2024-40866, CVE-2024-44187 => CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-4558, CVE-2024-23271, CVE-2024-27808, CVE-2024-27820, CVE-2024-27833, CVE-2024-27838, CVE-2024-27851, CVE-2024-40866, CVE-2024-44187, CVE-2024-44185, CVE-2024-44244, CVE-2024-44296
Summary: webkit2 security issues fixed upstream (WSA-2024-0004, WSA-2024-0005) => webkit2 security issues fixed upstream (WSA-2024-0004, WSA-2024-0005, WSA-2024-0006)

Comment 9 Nicolas Salguero 2024-11-27 15:58:05 CET
Upstream has released 2.46.4:
https://webkitgtk.org/2024/11/27/webkitgtk2.46.4-released.html

Upstream has issued an advisory on November 27:
https://webkitgtk.org/security/WSA-2024-0007.html

Summary: webkit2 security issues fixed upstream (WSA-2024-0004, WSA-2024-0005, WSA-2024-0006) => webkit2 security issues fixed upstream (WSA-2024-000[4-7])

Comment 10 Morgan Leijström 2024-11-27 19:40:42 CET
This needs to be progressed...

Severity: normal => major

Comment 11 Nicolas Salguero 2024-12-24 10:33:59 CET
Upstream has released 2.46.5:
https://webkitgtk.org/2024/12/18/webkitgtk2.46.5-released.html
Upstream has issued an advisory on December 22:
https://webkitgtk.org/security/WSA-2024-0008.html

Summary: webkit2 security issues fixed upstream (WSA-2024-000[4-7]) => webkit2 security issues fixed upstream (WSA-2024-000[4-8])

Comment 13 Nicolas Salguero 2025-02-10 09:25:21 CET
Upstream has released 2.46.6:
https://webkitgtk.org/2025/02/07/webkitgtk2.46.6-released.html

Upstream has issued an advisory on February 9:
https://webkitgtk.org/security/WSA-2025-0001.html

Source RPM: webkit2-2.44.2-2.mga10.src.rpm => webkit2-2.46.5-1.mga10.src.rpm, webkit2-2.44.2-1.mga9.src.rpm
Summary: webkit2 security issues fixed upstream (WSA-2024-000[4-8]) => webkit2 security issues fixed upstream (WSA-2024-000[4-8] and WSA-2025-0001)

Comment 14 Nicolas Salguero 2025-03-17 10:26:46 CET
Upstream has released 2.48.0:
https://webkitgtk.org/2025/03/14/webkitgtk2.48.0-released.html

Comment 15 Nicolas Salguero 2025-03-21 08:38:49 CET
Upstream has issued an advisory on March 20:
https://webkitgtk.org/security/WSA-2025-0002.html

Summary: webkit2 security issues fixed upstream (WSA-2024-000[4-8] and WSA-2025-0001) => webkit2 security issues fixed upstream (WSA-2024-000[4-8] and WSA-2025-000[12])