Hi Leo, Leo Famulari <[email protected]> writes:
> On Thu, Nov 04, 2021 at 08:57:18AM -0400, Mark H Weaver wrote: >> Although the WebKitGTK package itself built successfully using GCC 11, >> the switch to GCC 11 caused many failures in programs that use >> WebKitGTK. For example: > > Should we just revert the WebKitGTK upgrade for now? I'm reluctant to do that, because it would mean reintroducing CVE-2021-30846, CVE-2021-30851 and CVE-2021-42762. According to <https://www.webkitgtk.org/security/WSA-2021-0006.html>, two of those CVEs could allow an attacker to execute arbitrary code via maliciously crafted web content. For now, I've reverted back to using clang-11 to compile WebKitGTK, which works correctly on x86_64-linux, but another fix will be needed to i686-linux users. I have some ideas on how to fix it. I'll write about that soon at [email protected]. Regards, Mark -- Disinformation flourishes because many people care deeply about injustice but very few check the facts. Ask me about <https://stallmansupport.org>.
