Bug 14400

Summary: [CVE 21] webkit CVEs found
Product: [ROSA-based products] ROSA Fresh
Reporter: Arsenii <a.konovalov>
Component: Net (ssh, samba, ssl, NM...)
Assignee: Mikhail Novosyolov <m.novosyolov>
Status: VERIFIED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: critical
Priority: Normal
CC: a.proklov, pastordidi, survolog, v.potapov
Version: All
Flags: v.potapov: qa_verified+, a.konovalov: secteam_verified?, a.proklov: published+
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Platform: 2021.1
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Comment 1 Grigorev Andrey 2024-04-12 12:38:05 MSK
Fix CVE by updating webkit.

libbacktrace 1.0-1.gitcdb64b.3 (new in main)
https://abf.io/build_lists/5019689
https://abf.io/build_lists/5019687
https://abf.io/build_lists/5019688
https://abf.io/build_lists/5019690
https://abf.io/build_lists/5019691

unifdef 2.12-1 (new)
https://abf.io/build_lists/5019702
https://abf.io/build_lists/5019700
https://abf.io/build_lists/5019701
https://abf.io/build_lists/5019703
https://abf.io/build_lists/5019704

webkit4 2.44.1-1
https://abf.io/build_lists/5019709
https://abf.io/build_lists/5019707
https://abf.io/build_lists/5019708

Major did not change
But it is not possible to find out backward compatibility (you cannot build a debuginfo package).
So projects that may be affected by the update:
anjuta apvlv atril balsa bijiben birdfont devhelp empathy epiphany evolution evolution-data-server evolution-ews exaile fapolicy-analyzer gambas3 geany-plugins geary gnome-boxes gnome-builder gnome-documents gnome-initial-setup gnome-maps gnome-online-accounts gnucash gramps gthumb libgepub libproxy liferea lutris midori osmo python-gobject3 python-wxpython4 quodlibet rednotebook remmina rhythmbox shotwell sushi telegram-desktop wxgtk3.0 wxgtk3.1 wxgtk3.2 yad yelp zenity
I checked a small part. It looks like it's working. So if nothing breaks, I suggest not rebuilding the projects.

Comment 2 Dmitry Postnikov 2024-04-12 15:00:36 MSK
*********************************
The update has been published to Testing