Opened 3 years ago
Closed 7 months ago
#64554 closed defect (duplicate)
webkit2-gtk: multiple CVEs; fixed in 2.34.4
Reported by: | blair (Blair Zajac) | Owned by: | mascguy (Christopher Nielsen) |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | |
Keywords: | Cc: | cooljeanius (Eric Gallager), Dave-Allured (Dave Allured) | |
Port: | webkit2-gtk |
Description
Multiple CVEs are fixed in 2.34.4: https://webkitgtk.org/security/WSA-2022-0001.html
Found this from my Ubuntu system:
webkit2gtk (2.34.4-0ubuntu0.20.04.1) focal-security; urgency=medium * Updated to 2.34.4 to fix security issues. - CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 26 Jan 2022 07:22:38 -0500
Change History (9)
comment:1 Changed 2 years ago by mascguy (Christopher Nielsen)
Cc: | mascguy added |
---|
comment:2 Changed 2 years ago by cooljeanius (Eric Gallager)
Cc: | cooljeanius added |
---|
comment:3 Changed 18 months ago by mascguy (Christopher Nielsen)
Owner: | changed from dbevans to mascguy |
---|
comment:4 follow-up: 5 Changed 18 months ago by kencu (Ken)
comment:5 Changed 18 months ago by mascguy (Christopher Nielsen)
Replying to kencu:
the nix project has been trying to keep a version of this current for darwin.
they grabbed all our patches a few years ago, and may have updated it since.
worth looking there at their current offering and patches, as it is a rather more difficult port to update I thought.
Great idea, as I'm currently working on reconciling our various patches against the latest upstream release. Thanks for the heads-up Ken!
comment:6 Changed 18 months ago by kencu (Ken)
looks like nix has been bogged down for several years trying to update this on darwin
comment:7 Changed 7 months ago by Dave-Allured (Dave Allured)
Cc: | Dave-Allured added |
---|
comment:8 follow-up: 9 Changed 7 months ago by Dave-Allured (Dave Allured)
comment:9 Changed 7 months ago by mascguy (Christopher Nielsen)
Cc: | mascguy removed |
---|---|
Resolution: | → duplicate |
Status: | assigned → closed |
Replying to Dave-Allured:
See main discussion of update for
webkit2-gtk
in #65492. This ticket #64554 should probably be closed as duplicate.
Closing this older ticket as a duplicate, per Dave's recommendation.
the nix project has been trying to keep a version of this current for darwin.
they grabbed all our patches a few years ago, and may have updated it since.
worth looking there at their current offering and patches, as it is a rather more difficult port to update I thought.