Bug 239003 - www/webkit2-gtk3: Update to 2.24.3 (fixes many code execution vulnerabilities)
Summary: www/webkit2-gtk3: Update to 2.24.3 (fixes many code execution vulnerabilities)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Koop Mast
URL:
Keywords: patch, security
Depends on:
Blocks: 240196
  Show dependency treegraph
 
Reported: 2019-07-05 10:27 UTC by Tobias Kortkamp
Modified: 2019-08-29 18:18 UTC (History)
3 users (show)

See Also:
kwm: maintainer-feedback+
koobs: merge-quarterly?


Attachments
webkit2-gtk3.diff (1.96 KB, patch)
2019-07-05 10:27 UTC, Tobias Kortkamp
tobik: maintainer-approval? (gnome)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Tobias Kortkamp freebsd_committer 2019-07-05 10:27:35 UTC
Created attachment 205528 [details]
webkit2-gtk3.diff

2.24.0 has around a dozen known arbitrary code execution (and other)
vulnerabilities:

https://webkitgtk.org/security/WSA-2019-0002.html
https://webkitgtk.org/security/WSA-2019-0003.html

We should update to 2.24.3 ASAP.

Changes:	https://webkitgtk.org/2019/04/09/webkitgtk2.24.1-released.html
Changes:	https://webkitgtk.org/2019/05/17/webkitgtk2.24.2-released.html
Changes:	https://webkitgtk.org/2019/07/02/webkitgtk2.24.3-released.html

Poudriere tested on 11.2/i386, 12.0/amd64.  Locally on 13.0/amd64.
Comment 1 commit-hook freebsd_committer 2019-07-06 06:06:37 UTC
A commit references this bug:

Author: tobik
Date: Sat Jul  6 06:05:46 UTC 2019
New revision: 505958
URL: https://svnweb.freebsd.org/changeset/ports/505958

Log:
  Document webkit2-gtk3 vulnerabilities

  PR:		239003

Changes:
  head/security/vuxml/vuln.xml
Comment 2 commit-hook freebsd_committer 2019-07-10 16:46:18 UTC
A commit references this bug:

Author: kwm
Date: Wed Jul 10 16:45:35 UTC 2019
New revision: 506359
URL: https://svnweb.freebsd.org/changeset/ports/506359

Log:
  Update webkit2-gtk3 to 2.24.3.

  PR:		239003
  Reported by:	tobik@
  MFH:		2019Q3
  Security:	3dd46e05-9fb0-11e9-bf65-00012e582166

Changes:
  head/www/webkit2-gtk3/Makefile
  head/www/webkit2-gtk3/distinfo
  head/www/webkit2-gtk3/pkg-plist
Comment 3 Koop Mast freebsd_committer 2019-07-10 16:49:30 UTC
Committed thanks.
Comment 4 commit-hook freebsd_committer 2019-08-01 08:33:07 UTC
A commit references this bug:

Author: tobik
Date: Thu Aug  1 08:32:41 UTC 2019
New revision: 507759
URL: https://svnweb.freebsd.org/changeset/ports/507759

Log:
  MFH: r506359

  Update webkit2-gtk3 to 2.24.3.

  PR:		239003
  Reported by:	tobik@
  Security:	3dd46e05-9fb0-11e9-bf65-00012e582166

  Approved by:	ports-secteam blanket (web browsers)

Changes:
_U  branches/2019Q3/
  branches/2019Q3/www/webkit2-gtk3/Makefile
  branches/2019Q3/www/webkit2-gtk3/distinfo
  branches/2019Q3/www/webkit2-gtk3/pkg-plist