[Buildroot] [PATCH 3/3] package/wpewebkit: bump to version 2.38.0
Adrian Perez de Castro
aperez at igalia.com
Wed Sep 21 19:08:02 UTC 2022
Hello Thomas, all,
On Wed, 21 Sep 2022 20:18:54 +0200 Thomas Petazzoni <thomas.petazzoni at bootlin.com> wrote:
> Hello Adrian,
>
> On Wed, 21 Sep 2022 02:00:29 +0300
> Adrian Perez de Castro <aperez at igalia.com> wrote:
>
> > Update to a new major release which brings in improvements and a few
> > new features. Release notes:
> >
> > https://wpewebkit.org/release/wpewebkit-2.38.0.html
> >
> > This release also includes security fixes for CVE-2022-32886,
> > CVE-2022-32891, and CVE-2022-32912. Accompanying security advisory:
> >
> > https://wpewebkit.org/security/WSA-2022-0009.html
>
> According to this page, CVE-2022-32891 only affects versions up 2.36.5,
> and we're using 2.36.7 in Buildroot.
>
> Also according to this page, the two other CVEs have been fixed in
> 2.36.8.
>
> So, could you rework this patch series to:
>
> - Have a first patch "package/wpewebkit: security bump to version
> 2.36.8", which does bump to 2.36.8
>
> - Has the patches updating libwpe, wpebackend-fdo.
>
> - Has the patch updating wpewebkit to 2.38.0
Of course, no problem. I'll send an update in the next days.
> Indeed, we will want to backport the 2.36.8 bump to our stable branch,
> as it contains security fixes.
Makes sense. Allowing LTS/stable distros to pick the update more easily is
one of the reasons why I made one more 2.36.x with the fixes :)
Cheers,
—Adrián
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20220921/b01e9bf0/attachment-0001.asc>
More information about the buildroot
mailing list