[Bug 1970779] Re: Upgrade to 2.36.4 for Focal, Impish and Jammy

Luís Cunha dos Reis Infante da Câmara Wed, 13 Jul 2022 06:26:34 -0700

Given the first paragraph of comment #18, I just converted this bug back
into a security update.


** Description changed:

  I want to upgrade the versions in Focal, Impish and Jammy to 2.36.4 to
  fix security issues and other bugs, as well as adding features that
  increase compatibility with current websites.
  
  The version in Focal is affected by all vulnerabilities listed below.
  
  The version in Impish is vulnerable to
  CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, 
CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, 
CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, 
CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, 
CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, 
CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-22662, 
CVE-2022-22677, CVE-2022-26710, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, 
CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294.
  
  The version in Jammy is vulnerable to
  CVE-2022-22677, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, 
CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-30293 and 
CVE-2022-30294.
  
  Debian released an advisory on April 8.
- 
- [Test Plan]
- For each combination of Ubuntu release and CVE that affects the package in 
that release, test that the CVE can be exploited with the current package and 
cannot be exploited with the updated package. If the first test fails for 
certain CVEs, the status of that combination in the Ubuntu CVE Tracker should 
be changed accordingly.
- 
- [Where problems could occur]
- There are two reverse dependencies in Ubuntu (all of libwpewebkit-1.0-3): cog 
and gstreamer1.0-wpe, that in turn have no reverse dependencies. The feature 
additions and other changes (including security fixes) can cause regressions in 
those packages and in software outside of the Ubuntu archive.

** Changed in: wpewebkit (Ubuntu)
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1970779

Title:
  Upgrade to 2.36.4 for Focal, Impish and Jammy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1970779] Re: Upgrade to 2.36.4 for Focal, Impish and Jammy

Reply via email to