Am Dienstag, den 02.11.2021, 13:31 -0400 schrieb Mark H Weaver: > Hi Liliana, > > Liliana Marie Prikler <[email protected]> writes: > > I'm now trying 2.34.4 (same version and hash as c-u-f), which at > > least appears to build further than the bug we both encounter. > > As far as I can tell, WebKitGTK 2.34.4 doesn't yet exist. The newest > version available at <https://www.webkitgtk.org/releases/>;, and the > only release version that has fixed the announced security flaws, is > 2.34.1, which is the one that we're failing to build successfully > with GCC 7.5. > > The version of WebKitGTK that I see on 'core-updates-frozen' is not > 2.34.4, but rather 2.32.4, which is the version we had on 'master' > before the (apparently untested) security update commit 8797a07ac0. > > Unfortunately that version is vulnerable to CVE-2021-30846, > CVE-2021-30851, and CVE-2021-42762, according to > <https://www.webkitgtk.org/security/WSA-2021-0006.html>;, > > Am I missing something? You're missing how I wasted hours of my life because I misread a version field... *sigh*
> I don't have time to work on this today, but I have two suggestions: > (1) look in the upstream git repo for updates that might fix this > issue, > or (2) try using a newer C++ compiler. Is this really an issue with g++? What does upstream use for compilation? (I'd rather refrain from manually trying 8, 9, 10 in succession)
