[Bug 1970779] [NEW] Upgrade to 2.36.3 for Focal, Impish and Jammy

Launchpad Bug Tracker 1970779 at bugs.launchpad.net
Wed Jun 15 12:09:39 UTC 2022 

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Luís Cunha dos Reis Infante da Câmara (luis220413):

I want to upgrade the versions in Focal, Impish and Jammy to 2.36.3 to
fix security issues and other bugs, as well as adding features that
increase compatibility with current websites.

The version in Focal is affected by all vulnerabilities listed below.

The version in Impish is vulnerable to
CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294.

The version in Jammy is vulnerable to
CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294.

Debian released an advisory on April 8.

[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE can be exploited with the current package and cannot be exploited with the updated package. If the first test fails for certain CVEs, the status of that combination in the Ubuntu CVE Tracker should be changed accordingly.

[Where problems could occur]
There are two reverse dependencies in Ubuntu (all of libwpewebkit-1.1-0):
cog and gstreamer1.0-wpe. The feature additions and other changes (including security fixes) can cause regressions in those packages and software outside of the Ubuntu archive.

** Affects: wpewebkit (Ubuntu)
     Importance: Undecided
     Assignee: Luís Cunha dos Reis Infante da Câmara (luis220413)
         Status: New


** Tags: community-security patch
-- 
Upgrade to 2.36.3 for Focal, Impish and Jammy
https://bugs.launchpad.net/bugs/1970779
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list