35229 – webkit2 security issues fixed upstream (WSA-2026-000[12])

Bug 35229 - webkit2 security issues fixed upstream (WSA-2026-000[12])

Summary: webkit2 security issues fixed upstream (WSA-2026-000[12])

Status:	NEW

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	All Packagers
QA Contact:	Sec team

URL:
Whiteboard:	MGA9TOO
Keywords:

Depends on:	35228
Blocks:
	Show dependency tree / graph

Reported:	2026-03-19 09:14 CET by Nicolas Salguero
Modified:	2026-04-28 15:55 CEST (History)
CC List:	0 users

See Also:
Source RPM:	webkit2-2.50.6-1.mga10.src.rpm, webkit2-2.50.6-1.mga9.src.rpm
CVE:	CVE-2025-46299, CVE-2026-2064[3-5], CVE-2026-20691, CVE-2026-2885[79], CVE-2026-28861, CVE-2026-28871
Status comment:	Fixed upstream in 2.52.1

Flags:	nicolas.salguero: affects_mga9+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2026-03-19 09:14:24 CET

Reference:
https://webkitgtk.org/security/WSA-2026-0001.html

All CVEs are fixed in version 2.50.6 except CVE-2025-46299, which is fixed in version 2.52.0

References:
https://webkitgtk.org/2026/03/18/webkitgtk2.52.0-released.html
https://webkitgtk.org/2026/03/18/webkitgtk-2.52-highlights.html

Nicolas Salguero 2026-03-19 09:23:56 CET

Depends on: (none) => 35228
Assignee: bugsquad => pkg-bugs
Flags: (none) => affects_mga9+
Source RPM: (none) => webkit2-2.50.6-1.mga10.src.rpm, webkit2-2.50.6-1.mga9.src.rpm
Whiteboard: (none) => MGA9TOO
Status comment: (none) => Fixed upstream in 2.52.0
CVE: (none) => CVE-2025-46299

Comment 1 katnatek 2026-03-21 21:54:04 CET

Should we wait to this instead of continue with 35228?

Comment 2 Nicolas Salguero 2026-03-30 09:18:16 CEST

References:
https://webkitgtk.org/2026/03/27/webkitgtk2.52.1-released.html
https://webkitgtk.org/security/WSA-2026-0002.html

Status comment: Fixed upstream in 2.52.0 => Fixed upstream in 2.52.1
Summary: webkit2 security issues fixed upstream (WSA-2026-0001) => webkit2 security issues fixed upstream (WSA-2026-000[12])
CVE: CVE-2025-46299 => CVE-2025-46299, CVE-2026-2064[3-5], CVE-2026-20691, CVE-2026-2885[79], CVE-2026-28861, CVE-2026-28871

Comment 3 Nicolas Salguero 2026-04-28 15:55:49 CEST

References:
https://webkitgtk.org/2026/04/13/webkitgtk2.52.2-released.html
https://webkitgtk.org/2026/04/16/webkitgtk2.52.3-released.html

Note You need to log in before you can comment on or make changes to this bug.