Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 845252 (CVE-2022-26700, CVE-2022-26709, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719) - <net-libs/webkit-gtk-2.36.3: Multiple vulnerabilities
Summary: <net-libs/webkit-gtk-2.36.3: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2022-26700, CVE-2022-26709, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://webkitgtk.org/security/WSA-20...
Whiteboard: A2 [glsa?]
Keywords:
Depends on: 851948
Blocks:
  Show dependency tree
 
Reported: 2022-05-18 03:17 UTC by Sam James
Modified: 2022-07-02 23:10 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-05-18 03:17:43 UTC
2.36.2 mentions "- Fix several crashes and rendering issues." which is almost always "a bunch of CVEs but we don't want to say that yet".

Thanks!
Comment 1 Larry the Git Cow gentoo-dev 2022-05-18 16:27:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=169adc81f429529590c778c8f923663ae547f7af

commit 169adc81f429529590c778c8f923663ae547f7af
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-05-18 16:23:39 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-05-18 16:26:59 +0000

    net-libs/webkit-gtk: Version bump to 2.36.2
    
    * Raise gst dependency to >=1.20 (bug #843950)
    
    Bug: https://bugs.gentoo.org/845252
    Closes: https://bugs.gentoo.org/843950
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest                 |   1 +
 net-libs/webkit-gtk/webkit-gtk-2.36.2.ebuild | 250 +++++++++++++++++++++++++++
 2 files changed, 251 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-18 17:05:59 UTC
(In reply to Sam James from comment #0)
> 2.36.2 mentions "- Fix several crashes and rendering issues." which is
> almost always "a bunch of CVEs but we don't want to say that yet".
> 
> Thanks!

This also comes two days after a Safari advisory: https://support.apple.com/en-us/HT213260

Interestingly, that page has WebKit Bugzilla bug IDs, some of which are public.
Comment 3 Larry the Git Cow gentoo-dev 2022-05-29 01:17:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86cf7dde6f6cc1fdde18de42b2f66e7886c2e35e

commit 86cf7dde6f6cc1fdde18de42b2f66e7886c2e35e
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-05-29 01:16:08 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-05-29 01:17:11 +0000

    net-libs/webkit-gtk: Version bump to 2.36.3
    
    Bug: https://bugs.gentoo.org/845252
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest                 |   1 +
 net-libs/webkit-gtk/webkit-gtk-2.36.3.ebuild | 250 +++++++++++++++++++++++++++
 2 files changed, 251 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-14 17:28:23 UTC
Thanks, Matt!
Comment 5 Larry the Git Cow gentoo-dev 2022-06-29 19:25:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3eeb7feb045225c1cb5340d78746fd5718f2b064

commit 3eeb7feb045225c1cb5340d78746fd5718f2b064
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-06-29 19:24:34 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-06-29 19:25:08 +0000

    net-libs/webkit-gtk: Drop old versions
    
    Bug: https://bugs.gentoo.org/845252
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest                 |   1 -
 net-libs/webkit-gtk/webkit-gtk-2.36.1.ebuild | 250 ---------------------------
 2 files changed, 251 deletions(-)