Opened 3 years ago

Closed 7 months ago

#64554 closed defect (duplicate)

webkit2-gtk: multiple CVEs; fixed in 2.34.4

Reported by: blair (Blair Zajac) Owned by: mascguy (Christopher Nielsen)
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc: cooljeanius (Eric Gallager), Dave-Allured (Dave Allured)
Port: webkit2-gtk

Description

Multiple CVEs are fixed in 2.34.4: https://webkitgtk.org/security/WSA-2022-0001.html

Found this from my Ubuntu system:

webkit2gtk (2.34.4-0ubuntu0.20.04.1) focal-security; urgency=medium

 * Updated to 2.34.4 to fix security issues.
   - CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952,
     CVE-2021-30953, CVE-2021-30954, CVE-2021-30984

-- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 26 Jan 2022 07:22:38 -0500

Change History (9)

comment:1 Changed 2 years ago by mascguy (Christopher Nielsen)

Cc: mascguy added

comment:2 Changed 2 years ago by cooljeanius (Eric Gallager)

Cc: cooljeanius added

comment:3 Changed 18 months ago by mascguy (Christopher Nielsen)

Owner: changed from dbevans to mascguy

comment:4 Changed 18 months ago by kencu (Ken)

the nix project has been trying to keep a version of this current for darwin.

they grabbed all our patches a few years ago, and may have updated it since.

worth looking there at their current offering and patches, as it is a rather more difficult port to update I thought.

comment:5 in reply to:  4 Changed 18 months ago by mascguy (Christopher Nielsen)

Replying to kencu:

the nix project has been trying to keep a version of this current for darwin.

they grabbed all our patches a few years ago, and may have updated it since.

worth looking there at their current offering and patches, as it is a rather more difficult port to update I thought.

Great idea, as I'm currently working on reconciling our various patches against the latest upstream release. Thanks for the heads-up Ken!

comment:6 Changed 18 months ago by kencu (Ken)

looks like nix has been bogged down for several years trying to update this on darwin

https://github.com/NixOS/nixpkgs/pull/126101

comment:7 Changed 7 months ago by Dave-Allured (Dave Allured)

Cc: Dave-Allured added

comment:8 Changed 7 months ago by Dave-Allured (Dave Allured)

See main discussion of update for webkit2-gtk in #65492. This ticket #64554 should probably be closed as duplicate.

comment:9 in reply to:  8 Changed 7 months ago by mascguy (Christopher Nielsen)

Cc: mascguy removed
Resolution: duplicate
Status: assignedclosed

Replying to Dave-Allured:

See main discussion of update for webkit2-gtk in #65492. This ticket #64554 should probably be closed as duplicate.

Closing this older ticket as a duplicate, per Dave's recommendation.

Note: See TracTickets for help on using tickets.