Update to bugfix release 2.4.10 in Trusty

Bug #1556964 reported by Amr Ibrahim on 2016-03-14
This bug affects 1 person
Affects            | Status | Importance | Assigned to      | Milestone
webkitgtk (Ubuntu) |        | Undecided  | Marc Deslauriers |
Trusty             |        | Undecided  | Marc Deslauriers |
Wily               |        | Undecided  | Marc Deslauriers |
Xenial             |        | Undecided  | Marc Deslauriers |

Bug Description

Trusty still has 2.4.8, which is vulnerable.

http://webkitgtk.org/2016/03/14/webkitgtk2.4.10-released.html

This is a bug fix release in the stable 2.4 series.

- Fix rendering of form controls and scrollbars with GTK+ >= 3.19
- Fix crashes on PPC64.
- Fix the build on powerpc 32 bits.
- Add ARM64 build support.
- Translation updates: German, Spanish, French, Italian, Korean, Brazilian Portuguese, Russian, Chinese.
- Security fixes: CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081, CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752, CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659, CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745, CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727, CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794, CVE-2015-1127, CVE-2015-1153, CVE-2015-1083.

information type: Private Security → Public Security
Marc Deslauriers (mdeslaur) wrote :

I'll handle these as they are security updates. Thanks!

Changed in webkitgtk (Ubuntu Trusty):
status: New → Confirmed
Changed in webkitgtk (Ubuntu Wily):
status: New → Confirmed
Changed in webkitgtk (Ubuntu Xenial):
status: New → Confirmed
Changed in webkitgtk (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in webkitgtk (Ubuntu Wily):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in webkitgtk (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
summary: - [SRU] Update to bugfix release 2.4.10 in Trusty
+ Update to bugfix release 2.4.10 in Trusty
Amr Ibrahim (amribrahim1987) wrote :

Thanks Marc.

I found that webkitgtk is built against GeoClue 1 instead of GeoClue 2, while we have GeoClue 2 in main (except Trusty)! Why is that?

Marc Deslauriers (mdeslaur) wrote :

Because the desktop still uses GeoClue 1.

Marc Deslauriers (mdeslaur) wrote :

See bug 1389336 for the details on why we're not using GeoClue 2 yet.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webkitgtk - 2.4.10-0ubuntu1

---------------
webkitgtk (2.4.10-0ubuntu1) xenial; urgency=medium

  * SECURITY UPDATE: Updated to 2.4.10 to fix multiple security issues
    (LP: #1556964)
    - CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081,
      CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752,
      CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659,
      CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745,
      CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727,
      CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794,
      CVE-2015-1127, CVE-2015-1153, CVE-2015-1083
  * Dropped upstreamed patches:
    - fix-gtkdoc-error.patch, atomic_build_fix.patch, ppc64-align.patch,
      fix-cloop.patch, use-abi64-for-mips64el.patch.

 -- Marc Deslauriers <email address hidden> Wed, 16 Mar 2016 07:47:51 -0400

Changed in webkitgtk (Ubuntu Xenial):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webkitgtk - 2.4.10-0ubuntu0.15.10.1

---------------
webkitgtk (2.4.10-0ubuntu0.15.10.1) wily-security; urgency=medium

  * SECURITY UPDATE: Updated to 2.4.10 to fix multiple security issues
    (LP: #1556964)
    - CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081,
      CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752,
      CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659,
      CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745,
      CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727,
      CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794,
      CVE-2015-1127, CVE-2015-1153, CVE-2015-1083
  * Dropped upstreamed patches:
    - fix-gtkdoc-error.patch, atomic_build_fix.patch, ppc64-align.patch,
      fix-cloop.patch, use-abi64-for-mips64el.patch.

 -- Marc Deslauriers <email address hidden> Wed, 16 Mar 2016 07:47:51 -0400

Changed in webkitgtk (Ubuntu Wily):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webkitgtk - 2.4.10-0ubuntu0.14.04.1

---------------
webkitgtk (2.4.10-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Updated to 2.4.10 to fix multiple security issues
    (LP: #1556964)
    - CVE-2015-1120, CVE-2015-1076, CVE-2015-1071, CVE-2015-1081,
      CVE-2015-1122, CVE-2015-1155, CVE-2014-1748, CVE-2015-3752,
      CVE-2015-5809, CVE-2015-5928, CVE-2015-3749, CVE-2015-3659,
      CVE-2015-3748, CVE-2015-3743, CVE-2015-3731, CVE-2015-3745,
      CVE-2015-5822, CVE-2015-3658, CVE-2015-3741, CVE-2015-3727,
      CVE-2015-5801, CVE-2015-5788, CVE-2015-3747, CVE-2015-5794,
      CVE-2015-1127, CVE-2015-1153, CVE-2015-1083
  * Dropped upstreamed patches:
    - fix-gtkdoc-error.patch, atomic_build_fix.patch,
      fix-textrel-x86.patch, ppc64-align.patch, render-text-control.patch,
      nullptr-frameprogresstracker.patch,
      nullptr-accessibilitymenulistoption.patch, ax-focus-events.patch,
      fix-ftbfs-pluginpackage.patch.

 -- Marc Deslauriers <email address hidden> Wed, 16 Mar 2016 08:10:33 -0400

Changed in webkitgtk (Ubuntu Trusty):
status: Confirmed → Fix Released
Michael Gratton (mjog) wrote :

2.4.10 introduced a serious bug causing consistent crashes in at least Geary and Evolution. Please upgrade to 2.4.11 which resolves these issues per Bug #1571071 / #1570278.

This report contains Public Security information
Everyone can see this security related information.