Public bug reported:
libgwebkitgtk and libwebkitgtk3 are not maintained upstream and contain 100s of
active CVEs.
It sure would be great if users of large DEs that depend on Zenity could
opt-out on those CVEs...
> I see that zenity has a configure flag to enable/disable webkit support,
> would it be possible to provide a zenity-nohtml package that would
> "Provides: zenity" so I can keep my *DE installed without depending on a
> package that has
> no security support?
Because zenity might not be dealing with untrusted HTML content,
I'm not flagging this one with "security"
For those that didn't know DANGEROUS packages may be shipped:
You can use the package "debian-security-support", it'll tell you automatically.
** Affects: zenity (Ubuntu)
Importance: Undecided
Status: New
** Affects: zenity (Debian)
Importance: Unknown
Status: Unknown
** Bug watch added: Debian Bug tracker #777608
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777608
** Also affects: zenity (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777608
Importance: Unknown
Status: Unknown
** Summary changed:
- depends on libwebkitgtk which doesn't have security support
+ depends on libwebkitgtk3 which doesn't have security support
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1532606
Title:
depends on libwebkitgtk3 which doesn't have security support
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zenity/+bug/1532606/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
