Package: debian-security-support Version: 1:11+2021.03.19 Severity: normal File: /usr/share/debian-security-support/security-support-limited
As at Debian 11, * webkitgtk is in src:webkit2gtk, not src:webkit. * khtml is in src:khtml, not src:kde4libs. GNOME3 and KDE5 have been around for a while now. I think security-support-limited should be updated to reflect this. These libraries are used by, for example, yelp and khelpcenter. This means this fix will make check-security-support whinge at most GUI users, the way it already does for needrestart users (#986507). (I think this is a good thing. There's really no reason yelp and khelpcenter need to JIT compile docbook/mallard to HTML and then embed a custom browser engine. Get rid of them, render the HTML when the .deb is built, and just run the user's normal, security-supported browser.) Note that someone already reported the khtml issue way back in Debian 7 (#773387), but it was marked as blocked because (paraphrasing) "KDE4 libraries are a mess and we'd end up with false positives for EVERY library in KDE" (#765452). This is substantially improved in KDE5, and (AFAICT) should no longer block "correctly report src:khtml is insecure crap". -- System Information: Debian Release: 11.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.14.0-0.bpo.2-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages debian-security-support depends on: ii adduser 3.118 ii debconf [debconf-2.0] 1.5.77 ii gettext-base 0.21-4 debian-security-support recommends no packages. debian-security-support suggests no packages. -- debconf information: debian-security-support/earlyend: debian-security-support/ended: debian-security-support/limited:
