Update to bugfix release 2.4.10 in Trusty

Bug #1556964 reported by Amr Ibrahim
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| webkitgtk (Ubuntu) | Fix Released | Undecided | Marc Deslauriers | |
| Trusty | Fix Released | Undecided | Marc Deslauriers | |
| Wily | Fix Released | Undecided | Marc Deslauriers | |
| Xenial | Fix Released | Undecided | Marc Deslauriers | |

Bug Description

Trusty still has 2.4.8, which is vulnerable.

http://webkitgtk.org/2016/03/14/webkitgtk2.4.10-released.html

This is a bug fix release in the stable 2.4 series.

- Fix rendering of form controls and scrollbars with GTK+ >= 3.19
- Fix crashes on PPC64.
- Fix the build on powerpc 32 bits.
- Add ARM64 build support.
- Translation updates: German, Spanish, French, Italian, Korean, Brazilian Portuguese, Russian, Chinese.
- Security fixes: CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081, CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752, CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659, CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745, CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727, CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794, CVE-2015-1127, CVE-2015-1153, CVE-2015-1083.

information type: Private Security → Public Security
Marc Deslauriers (mdeslaur) wrote :

I'll handle these as they are security updates. Thanks!

Changed in webkitgtk (Ubuntu Trusty):
status: New → Confirmed
Changed in webkitgtk (Ubuntu Wily):
status: New → Confirmed
Changed in webkitgtk (Ubuntu Xenial):
status: New → Confirmed
Changed in webkitgtk (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in webkitgtk (Ubuntu Wily):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in webkitgtk (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
summary: - [SRU] Update to bugfix release 2.4.10 in Trusty
+ Update to bugfix release 2.4.10 in Trusty
Amr Ibrahim (amribrahim1987) wrote :

Thanks Marc.

I found that webkitgtk is built against GeoClue 1 instead of GeoClue 2, while we have GeoClue 2 in main (except Trusty)! Why is that?

Marc Deslauriers (mdeslaur) wrote :

Because the desktop still uses GeoClue 1.

Marc Deslauriers (mdeslaur) wrote :

See bug 1389336 for the details on why we're not using GeoClue 2 yet.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webkitgtk - 2.4.10-0ubuntu1

---------------
webkitgtk (2.4.10-0ubuntu1) xenial; urgency=medium

  * SECURITY UPDATE: Updated to 2.4.10 to fix multiple security issues
    (LP: #1556964)
    - CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081,
      CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752,
      CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659,
      CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745,
      CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727,
      CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794,
      CVE-2015-1127, CVE-2015-1153, CVE-2015-1083
  * Dropped upstreamed patches:
    - fix-gtkdoc-error.patch, atomic_build_fix.patch, ppc64-align.patch,
      fix-cloop.patch, use-abi64-for-mips64el.patch.

 -- Marc Deslauriers <email address hidden> Wed, 16 Mar 2016 07:47:51 -0400

Changed in webkitgtk (Ubuntu Xenial):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webkitgtk - 2.4.10-0ubuntu0.15.10.1

---------------
webkitgtk (2.4.10-0ubuntu0.15.10.1) wily-security; urgency=medium

  * SECURITY UPDATE: Updated to 2.4.10 to fix multiple security issues
    (LP: #1556964)
    - CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081,
      CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752,
      CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659,
      CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745,
      CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727,
      CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794,
      CVE-2015-1127, CVE-2015-1153, CVE-2015-1083
  * Dropped upstreamed patches:
    - fix-gtkdoc-error.patch, atomic_build_fix.patch, ppc64-align.patch,
      fix-cloop.patch, use-abi64-for-mips64el.patch.

 -- Marc Deslauriers <email address hidden> Wed, 16 Mar 2016 07:47:51 -0400

Changed in webkitgtk (Ubuntu Wily):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webkitgtk - 2.4.10-0ubuntu0.14.04.1

---------------
webkitgtk (2.4.10-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Updated to 2.4.10 to fix multiple security issues
    (LP: #1556964)
    - CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081,
      CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752,
      CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659,
      CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745,
      CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727,
      CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794,
      CVE-2015-1127, CVE-2015-1153, CVE-2015-1083
  * Dropped upstreamed patches:
    - fix-gtkdoc-error.patch, atomic_build_fix.patch,
      fix-textrel-x86.patch, ppc64-align.patch, render-text-control.patch,
      nullptr-frameprogresstracker.patch,
      nullptr-accessibilitymenulistoption.patch, ax-focus-events.patch,
      fix-ftbfs-pluginpackage.patch.

 -- Marc Deslauriers <email address hidden> Wed, 16 Mar 2016 08:10:33 -0400

Changed in webkitgtk (Ubuntu Trusty):
status: Confirmed → Fix Released
Michael Gratton (mjog) wrote :

2.4.10 introduced a serious bug causing consistent crashes in at least Geary and Evolution. Please upgrade to 2.4.11 which resolves these issues per Bug #1571071 / #1570278.
