Re: [webkit-gtk] Webkit bugzilla ID access
Hi Michael, Thanks a lot!. Kai On Wed, Aug 30, 2023 at 11:42 PM Michael Catanzaro wrote: > > Hi, see: https://commits.webkit.org/260455@main > > > ___ webkit-gtk mailing list webkit-gtk@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-gtk
Re: [webkit-gtk] Webkit bugzilla ID access
Hi, see: https://commits.webkit.org/260455@main ___ webkit-gtk mailing list webkit-gtk@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-gtk
Re: [webkit-gtk] Webkit bugzilla ID access
Hi MIchael, Would you like to share the fix commit of CVE-2023-23529, please? It is handled by https://bugs.webkit.org/show_bug.cgi?id=251944 which is still not pulibc. Sorry for duplicate email that previous is rejected by maillist. Thanks, Kai On Wed, May 31, 2023 at 10:17 PM Michael Catanzaro wrote: > > Hi, the bugs are private. I can give you the mappings between bug ID > and fix commit, though: > > 248266 - https://commits.webkit.org/258113@main > 245521 - https://commits.webkit.org/256215@main > 245466 - https://commits.webkit.org/255368@main > 247420 - https://commits.webkit.org/256519@main > 246669 - https://commits.webkit.org/255960@main > 248615 - https://commits.webkit.org/262352@main > 250837 - https://commits.webkit.org/260006@main > > That said, I don't generally recommend backporting fixes yourself > because (a) it can become pretty difficult as time goes on, and (b) > only a tiny fraction of security fixes receive CVE identifiers (maybe > around 5%). So I highly recommend upgrading to WebKitGTK 2.40.2. > WebKitGTK maintains API and ABI stability to the greatest extent > possible in order to encourage safe updates. > > Michael > > > ___ > webkit-gtk mailing list > webkit-gtk@lists.webkit.org > https://lists.webkit.org/mailman/listinfo/webkit-gtk > ___ webkit-gtk mailing list webkit-gtk@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-gtk
Re: [webkit-gtk] Webkit bugzilla ID access
On Wed, May 31 2023 at 05:13:48 AM +, "Urade, Yogita" wrote: And there are more than 15 CVE issues for 2.36.8 till now. BTW, I just noticed this: I actually count 25 CVEs fixed since 2.36.8. Please see https://webkitgtk.org/security.html for a list of CVEs. Michael ___ webkit-gtk mailing list webkit-gtk@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-gtk
Re: [webkit-gtk] Webkit bugzilla ID access
Hi, the bugs are private. I can give you the mappings between bug ID and fix commit, though: 248266 - https://commits.webkit.org/258113@main 245521 - https://commits.webkit.org/256215@main 245466 - https://commits.webkit.org/255368@main 247420 - https://commits.webkit.org/256519@main 246669 - https://commits.webkit.org/255960@main 248615 - https://commits.webkit.org/262352@main 250837 - https://commits.webkit.org/260006@main That said, I don't generally recommend backporting fixes yourself because (a) it can become pretty difficult as time goes on, and (b) only a tiny fraction of security fixes receive CVE identifiers (maybe around 5%). So I highly recommend upgrading to WebKitGTK 2.40.2. WebKitGTK maintains API and ABI stability to the greatest extent possible in order to encourage safe updates. Michael ___ webkit-gtk mailing list webkit-gtk@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-gtk
[webkit-gtk] Webkit bugzilla ID access
Hi All, I am working on Yocto project. In last LTS Yocto release the version of webkitgtk is 2.36.8. And there are more than 15 CVE issues for 2.36.8 till now. I checked the git log and "WebKitGTK and WPE WebKit Security Advisory" pages that I got info that which CVE has been fixed in which version of webkitgtk. I also checked apple support pages. From where, I found webkit bugzilla IDs for some CVE issues. I created account on webkit bugzilla and found fixes for some of the CVEs. But, still not able to access some webkit bugzilla IDs. Which are mentioned below: 248266 245521 245466 247420 246669 248615 250837 Could you pls give me access for this IDs or if possible, then colud you pls at least share fix for this IDs. So, it will be helpful for me to resolve the CVEs. Thanks a lot, Yogita ___ webkit-gtk mailing list webkit-gtk@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-gtk