[Bug 1970779] Re: Upgrade to 2.36.3 for Focal, Impish and Jammy
Luís Cunha dos Reis Infante da Câmara
1970779 at bugs.launchpad.net
Wed Jun 15 12:19:14 UTC 2022
I have just transformed this bug into a Stable Release Update bug.
** Description changed:
I want to upgrade the versions in Focal, Impish and Jammy to 2.36.3 to
fix security issues and other bugs, as well as adding features that
increase compatibility with current websites.
The version in Focal is affected by all vulnerabilities listed below.
The version in Impish is vulnerable to
CVE-2021-30818, CVE-2021-30823, CVE-2021-30846, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-42762, CVE-2021-45481, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637, CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294.
The version in Jammy is vulnerable to
CVE-2022-26700, CVE-2022-26709, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-30293 and CVE-2022-30294.
Debian released an advisory on April 8.
[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE can be exploited with the current package and cannot be exploited with the updated package. If the first test fails for certain CVEs, the status of that combination in the Ubuntu CVE Tracker should be changed accordingly.
[Where problems could occur]
- There are two reverse dependencies in Ubuntu (all of libwpewebkit-1.1-0):
- cog and gstreamer1.0-wpe. The feature additions and other changes (including security fixes) can cause regressions in those packages and software outside of the Ubuntu archive.
+ There are two reverse dependencies in Ubuntu (all of libwpewebkit-1.0-3): cog and gstreamer1.0-wpe, that in turn have no reverse dependencies. The feature additions and other changes (including security fixes) can cause regressions in those packages and in software outside of the Ubuntu archive.
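Review bot: The rewritten [Where problems could occur] paragraph names cog and gstreamer1.0-wpe as the packages that can regress, but the [Test Plan] in the unchanged context covers only per-release CVE checks. Suggest adding a step that installs the updated library on each release and exercises cog and gstreamer1.0-wpe, so the stated regression risk has a matching test. The library package name also changes from libwpewebkit-1.1-0 to libwpewebkit-1.0-3 without explanation; since the update targets Focal, Impish and Jammy, a short note on which binary package name applies to which release would make the reverse-dependency claim checkable.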
https://bugs.launchpad.net/bugs/1970779
Title:
Upgrade to 2.36.3 for Focal, Impish and Jammy
Status in wpewebkit package in Ubuntu:
New