** Changed in: zenity (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to zenity in Ubuntu.
https://bugs.launchpad.net/bugs/1532606
Title:
depends on libwebkitgtk3 which doesn't have security support
Status in zenity package in Ubuntu:
Triaged
Status in zenity package in Debian:
Fix Released
Bug description:
libgwebkitgtk and libwebkitgtk3 are not maintained upstream and contain 100s
of active CVEs.
It sure would be great if users of large DEs that depend on Zenity could
opt-out on those CVEs...
> I see that zenity has a configure flag to enable/disable webkit support,
> would it be possible to provide a zenity-nohtml package that would
> "Provides: zenity" so I can keep my *DE installed without depending on a
package that has
> no security support?
Because zenity might not be dealing with untrusted HTML content,
I'm not flagging this one with "security"
For those that didn't know DANGEROUS packages may be shipped:
You can use the package "debian-security-support", it'll tell you
automatically.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zenity/+bug/1532606/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
