Summary: | <net-libs/webkit-gtk-2.24.1: multiple vulnerabilities (WSA-2019-0002) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | gnome |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://webkitgtk.org/security/WSA-2019-0002.html | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: |
net-libs/webkit-gtk-2.24.1
|
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2019-04-13 09:50:08 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08e02e08cb8befcf19ded8e1cee3dd32025bf4bd commit 08e02e08cb8befcf19ded8e1cee3dd32025bf4bd Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2019-04-13 18:58:50 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2019-04-13 18:59:07 +0000 net-libs/webkit-gtk: security bump to 2.24.1, drop JIT control JIT manual control is getting complicated for limited benefits, which mostly involve oneself shooting in the foot. Let upstream build system figure out whether it should do JIT or not and don't get in the way. May be revisited based on any fallout and relevant bug reports after discussions on such reports convince it's needed. Bug: https://bugs.gentoo.org/683234 Bug: https://bugs.gentoo.org/680580 Bug: https://bugs.gentoo.org/680464 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Mart Raudsepp <leio@gentoo.org> net-libs/webkit-gtk/Manifest | 1 + net-libs/webkit-gtk/webkit-gtk-2.24.1.ebuild | 281 +++++++++++++++++++++++++++ 2 files changed, 282 insertions(+) Looks like no-one is complaining about the USE=jit removal so far, so lets proceed with security stabilization. Meant to get this going 2 days ago, better late than never :) amd64 stable x86 stable @gnome, please drop vulnerable. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b93f98379f931e1d3cc8c547142b7661ee8895c commit 6b93f98379f931e1d3cc8c547142b7661ee8895c Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2019-04-25 08:46:28 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2019-04-25 08:46:28 +0000 net-libs/webkit-gtk: security cleanup Bug: https://bugs.gentoo.org/683234 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Mart Raudsepp <leio@gentoo.org> net-libs/webkit-gtk/Manifest | 3 - net-libs/webkit-gtk/webkit-gtk-2.22.6.ebuild | 287 --------------------------- net-libs/webkit-gtk/webkit-gtk-2.22.7.ebuild | 287 --------------------------- net-libs/webkit-gtk/webkit-gtk-2.24.0.ebuild | 286 -------------------------- 4 files changed, 863 deletions(-) Added to an existing GLSA. This issue was resolved and addressed in GLSA 201909-05 at https://security.gentoo.org/glsa/201909-05 by GLSA coordinator Thomas Deutschmann (whissi). |