Package: emacs25 Version: 25.1+1-2 Severity: important Tags: security according to check-support-status (package debian-security-support)
* Source:webkitgtk Details: No security support upstream and backports not feasible, only for use on trusted content Affected binary packages: - libjavascriptcoregtk-3.0-0:amd64 (installed version: 2.4.11-3) - libwebkitgtk-3.0-0:amd64 (installed version: 2.4.11-3) Although there is apparently some sandboxing in the use of webkit in emacs (I read that it uses a seperate process, although not anywhere authoritative), this still seems to be equivalent to shipping a JavaScript enabled browser without any security support. -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (900, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.6.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages emacs25 depends on: ii emacs25-bin-common 25.1+1-2 ii gconf-service 3.2.6-4 ii libacl1 2.2.52-3 ii libasound2 1.1.2-1 ii libatk1.0-0 2.22.0-1 ii libc6 2.24-5 ii libcairo-gobject2 1.14.6-1+b1 ii libcairo2 1.14.6-1+b1 ii libdbus-1-3 1.10.12-1 ii libfontconfig1 2.11.0-6.7 ii libfreetype6 2.6.3-3+b1 ii libgconf-2-4 3.2.6-4 ii libgdk-pixbuf2.0-0 2.36.0-1 ii libgif7 5.1.4-0.4 ii libglib2.0-0 2.50.1-1 ii libgnutls30 3.5.5-6 ii libgomp1 6.2.0-10 ii libgpm2 1.20.4-6.2 ii libgtk-3-0 3.22.2-1 ii libice6 2:1.0.9-1+b1 ii libjavascriptcoregtk-3.0-0 2.4.11-3 ii libjpeg62-turbo 1:1.5.1-2 ii libm17n-0 1.7.0-3+b1 ii libmagickcore-6.q16-2 8:6.9.6.2+dfsg-2 ii libmagickwand-6.q16-2 8:6.9.6.2+dfsg-2 ii libotf0 0.9.13-3 ii libpango-1.0-0 1.40.3-2 ii libpangocairo-1.0-0 1.40.3-2 ii libpng16-16 1.6.25-2 ii librsvg2-2 2.40.16-1 ii libselinux1 2.6-1 ii libsm6 2:1.2.2-1+b1 ii libsoup2.4-1 2.56.0-1 ii libtiff5 4.0.6-3 ii libtinfo5 6.0+20160917-1 ii libwebkitgtk-3.0-0 2.4.11-3 ii libx11-6 2:1.6.3-1 ii libx11-xcb1 2:1.6.3-1 ii libxcb1 1.12-1 ii libxcomposite1 1:0.4.4-1 ii libxfixes3 1:5.0.2-1 ii libxft2 2.3.2-1 ii libxinerama1 2:1.1.3-1+b1 ii libxml2 2.9.4+dfsg1-2.1 ii libxpm4 1:3.5.11-1+b1 ii libxrandr2 2:1.5.0-1 ii libxrender1 1:0.9.9-2 ii zlib1g 1:1.2.8.dfsg-2+b3 emacs25 recommends no packages. Versions of packages emacs25 suggests: pn emacs25-common-non-dfsg <none> -- no debconf information