Bug 239003 - www/webkit2-gtk3: Update to 2.24.3 (fixes many code execution vulnerabilities)
Summary: www/webkit2-gtk3: Update to 2.24.3 (fixes many code execution vulnerabilities)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Koop Mast
URL:
Keywords: patch, security
Depends on:
Blocks: 240196
  Show dependency treegraph
 
Reported: 2019-07-05 10:27 UTC by Tobias Kortkamp
Modified: 2019-08-29 18:18 UTC (History)
3 users (show)

See Also:
kwm: maintainer-feedback+
koobs: merge-quarterly?

Attachments
webkit2-gtk3.diff (1.96 KB, patch)
2019-07-05 10:27 UTC, Tobias Kortkamp 		tobik: maintainer-approval? (gnome)
 Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tobias Kortkamp freebsd_committer freebsd_triage 2019-07-05 10:27:35 UTC 
Created attachment 205528 [details]
webkit2-gtk3.diff

2.24.0 has around a dozen known arbitrary code execution (and other)
vulnerabilities:

https://webkitgtk.org/security/WSA-2019-0002.html
https://webkitgtk.org/security/WSA-2019-0003.html

We should update to 2.24.3 ASAP.

Changes:	https://webkitgtk.org/2019/04/09/webkitgtk2.24.1-released.html
Changes:	https://webkitgtk.org/2019/05/17/webkitgtk2.24.2-released.html
Changes:	https://webkitgtk.org/2019/07/02/webkitgtk2.24.3-released.html

Poudriere tested on 11.2/i386, 12.0/amd64.  Locally on 13.0/amd64.
Comment 1 commit-hook freebsd_committer freebsd_triage 2019-07-06 06:06:37 UTC 
A commit references this bug:

Author: tobik
Date: Sat Jul  6 06:05:46 UTC 2019
New revision: 505958
URL: https://svnweb.freebsd.org/changeset/ports/505958

Log:
  Document webkit2-gtk3 vulnerabilities

  PR:		239003

Changes:
  head/security/vuxml/vuln.xml
Comment 2 commit-hook freebsd_committer freebsd_triage 2019-07-10 16:46:18 UTC 
A commit references this bug:

Author: kwm
Date: Wed Jul 10 16:45:35 UTC 2019
New revision: 506359
URL: https://svnweb.freebsd.org/changeset/ports/506359

Log:
  Update webkit2-gtk3 to 2.24.3.

  PR:		239003
  Reported by:	tobik@
  MFH:		2019Q3
  Security:	3dd46e05-9fb0-11e9-bf65-00012e582166

Changes:
  head/www/webkit2-gtk3/Makefile
  head/www/webkit2-gtk3/distinfo
  head/www/webkit2-gtk3/pkg-plist
Comment 3 Koop Mast freebsd_committer freebsd_triage 2019-07-10 16:49:30 UTC 
Committed thanks.
Comment 4 commit-hook freebsd_committer freebsd_triage 2019-08-01 08:33:07 UTC 
A commit references this bug:

Author: tobik
Date: Thu Aug  1 08:32:41 UTC 2019
New revision: 507759
URL: https://svnweb.freebsd.org/changeset/ports/507759

Log:
  MFH: r506359

  Update webkit2-gtk3 to 2.24.3.

  PR:		239003
  Reported by:	tobik@
  Security:	3dd46e05-9fb0-11e9-bf65-00012e582166

  Approved by:	ports-secteam blanket (web browsers)

Changes:
_U  branches/2019Q3/
  branches/2019Q3/www/webkit2-gtk3/Makefile
  branches/2019Q3/www/webkit2-gtk3/distinfo
  branches/2019Q3/www/webkit2-gtk3/pkg-plist