Public bug reported:

libwebkitgtk and libwebkitgtk3 are not maintained upstream and contain 100s of active CVEs. It sure would be great if users of large DEs that depend on Zenity could opt out of those CVEs...

> I see that zenity has a configure flag to enable/disable webkit support,
> would it be possible to provide a zenity-nohtml package that would
> "Provides: zenity" so I can keep my *DE installed without depending on a
> package that has no security support?

Because zenity might not be dealing with untrusted HTML content, I'm not flagging this one with "security".

For those that didn't know DANGEROUS packages may be shipped: You can use the package "debian-security-support", it'll tell you automatically.

** Affects: zenity (Ubuntu)
   Importance: Undecided
   Status: New

** Affects: zenity (Debian)
   Importance: Unknown
   Status: Unknown

** Bug watch added: Debian Bug tracker #777608
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777608

** Also affects: zenity (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777608
   Importance: Unknown
   Status: Unknown

** Summary changed:

- depends on libwebkitgtk which doesn't have security support
+ depends on libwebkitgtk3 which doesn't have security support

https://bugs.launchpad.net/bugs/1532606

Title:
  depends on libwebkitgtk3 which doesn't have security support