It's that time again! Release notes for 2.36.7 say:

"""
What's new in the WebKitGTK 2.36.7 release?
===========================================

[...]

  - Fix several crashes and rendering issues.
"""

And we know what that means! Please bump.

From WSA-2022-0008, "Versions affected: WebKitGTK and WPE WebKit before 2.36.7. Credit to an anonymous researcher. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."

According to Apple's security advisories for this (e.g. https://support.apple.com/en-us/HT213412), this is WebKit bug 243557:
https://bugs.webkit.org/show_bug.cgi?id=243557

Which has a link to a pull request:
https://github.com/WebKit/WebKit/pull/3023

Which, despite a title that seems unrelated to security, seems to add tests for this issue:
https://github.com/WebKit/WebKit/pull/3023/files

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea97c37ff098b4d0dacff27eea5fe0526e0182bd

commit ea97c37ff098b4d0dacff27eea5fe0526e0182bd
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-08-26 17:30:47 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-08-26 17:31:26 +0000

    net-libs/webkit-gtk: Version bump to 2.36.7

    Bug: https://bugs.gentoo.org/866494
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest                 |   1 +
 net-libs/webkit-gtk/webkit-gtk-2.36.7.ebuild | 250 +++++++++++++++++++++++++++
 2 files changed, 251 insertions(+)

Thanks! Please stable as soon as possible.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1d278bb93fbf8fdb34ef9c125c5f4536e11c15d7

commit 1d278bb93fbf8fdb34ef9c125c5f4536e11c15d7
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-31 23:54:04 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-31 23:56:59 +0000

    [ GLSA 202208-39 ] WebKitGTK+: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/832990
    Bug: https://bugs.gentoo.org/833568
    Bug: https://bugs.gentoo.org/837305
    Bug: https://bugs.gentoo.org/839984
    Bug: https://bugs.gentoo.org/845252
    Bug: https://bugs.gentoo.org/856445
    Bug: https://bugs.gentoo.org/861740
    Bug: https://bugs.gentoo.org/864427
    Bug: https://bugs.gentoo.org/866494
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-39.xml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30fb91bb7302f3fcc8587a46bfcb330bd530490d

commit 30fb91bb7302f3fcc8587a46bfcb330bd530490d
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-09-13 17:54:56 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-09-13 17:56:02 +0000

    net-libs/webkit-gtk: Drop old versions

    Bug: https://bugs.gentoo.org/861740
    Bug: https://bugs.gentoo.org/864427
    Bug: https://bugs.gentoo.org/866494
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest                     |   4 -
 net-libs/webkit-gtk/files/2.36.5-fix-crash.patch |  82 --------
 net-libs/webkit-gtk/metadata.xml                 |   1 -
 net-libs/webkit-gtk/webkit-gtk-2.36.3.ebuild     | 249 ----------------------
 net-libs/webkit-gtk/webkit-gtk-2.36.4.ebuild     | 250 ----------------------
 net-libs/webkit-gtk/webkit-gtk-2.36.5-r1.ebuild  | 252 -----------------------
 net-libs/webkit-gtk/webkit-gtk-2.36.6.ebuild     | 250 ----------------------
 7 files changed, 1088 deletions(-)