Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 856445 (CVE-2022-22677, CVE-2022-26710) - <net-libs/webkit-gtk-2.36.4: Multiple vulnerabilities
Summary: <net-libs/webkit-gtk-2.36.4: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-22677, CVE-2022-26710
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://webkitgtk.org/security/WSA-20...
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 858146
Blocks:
  Show dependency tree
 
Reported: 2022-07-05 00:06 UTC by Sam James
Modified: 2022-09-19 16:01 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-07-05 00:06:55 UTC
It's that time again! Release notes for 2.36.4 say:
"""
What's new in the WebKitGTK 2.36.4 release?
===========================================
[...]
- Fix several crashes and rendering issues.
"""

And we know what that means! Please bump.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-07-05 00:07:25 UTC
I'd say consider bug 761238 for when bumping, but actually, that might be better for the next major version, given we always rapid stable these.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-05 16:30:27 UTC
Advisory was pretty quick this time:

https://webkitgtk.org/security/WSA-2022-0006.html
Comment 3 Larry the Git Cow gentoo-dev 2022-07-05 16:38:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee464019c9d81b327ec31a2d6da30f20fb8166f9

commit ee464019c9d81b327ec31a2d6da30f20fb8166f9
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-07-05 16:34:43 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-07-05 16:38:41 +0000

    net-libs/webkit-gtk: Version bump to 2.36.4
    
    * Apply patch from ayuayuayu@aaathats3as.com to remove IUSE=geolocation
      (bug #852752)
    
    Bug: https://bugs.gentoo.org/856445
    Closes: https://bugs.gentoo.org/852752
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest                 |   1 +
 net-libs/webkit-gtk/webkit-gtk-2.36.4.ebuild | 250 +++++++++++++++++++++++++++
 2 files changed, 251 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-05 16:41:47 UTC
Thanks! Please stabilize when ready.
Comment 5 Larry the Git Cow gentoo-dev 2022-08-31 23:57:23 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1d278bb93fbf8fdb34ef9c125c5f4536e11c15d7

commit 1d278bb93fbf8fdb34ef9c125c5f4536e11c15d7
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-31 23:54:04 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-31 23:56:59 +0000

    [ GLSA 202208-39 ] WebKitGTK+: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/832990
    Bug: https://bugs.gentoo.org/833568
    Bug: https://bugs.gentoo.org/837305
    Bug: https://bugs.gentoo.org/839984
    Bug: https://bugs.gentoo.org/845252
    Bug: https://bugs.gentoo.org/856445
    Bug: https://bugs.gentoo.org/861740
    Bug: https://bugs.gentoo.org/864427
    Bug: https://bugs.gentoo.org/866494
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-39.xml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-19 16:00:47 UTC
Whoops, this is all done!