Bug 35229 - webkit2 security issues fixed upstream (WSA-2026-0001)
Summary: webkit2 security issues fixed upstream (WSA-2026-0001)
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard: MGA9TOO
Keywords:
Depends on: 35228
Blocks:
  Show dependency treegraph
 
Reported: 2026-03-19 09:14 CET by Nicolas Salguero
Modified: 2026-03-21 21:54 CET (History)
0 users

See Also:
Source RPM: webkit2-2.50.6-1.mga10.src.rpm, webkit2-2.50.6-1.mga9.src.rpm
CVE: CVE-2025-46299
Status comment: Fixed upstream in 2.52.0
nicolas.salguero: affects_mga9+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2026-03-19 09:14:24 CET 
Reference:
https://webkitgtk.org/security/WSA-2026-0001.html

All CVEs are fixed in version 2.50.6 except CVE-2025-46299, which is fixed in version 2.52.0

References:
https://webkitgtk.org/2026/03/18/webkitgtk2.52.0-released.html
https://webkitgtk.org/2026/03/18/webkitgtk-2.52-highlights.html
Nicolas Salguero 2026-03-19 09:23:56 CET

Whiteboard: (none) => MGA9TOO
Status comment: (none) => Fixed upstream in 2.52.0
CVE: (none) => CVE-2025-46299
Assignee: bugsquad => pkg-bugs
Flags: (none) => affects_mga9+
Source RPM: (none) => webkit2-2.50.6-1.mga10.src.rpm, webkit2-2.50.6-1.mga9.src.rpm
Depends on: (none) => 35228

Comment 1 katnatek 2026-03-21 21:54:04 CET 
Should we wait to this instead of continue with 35228?
Note You need to log in before you can comment on or make changes to this bug.