[Bug 1662982] [NEW] please consider removing webkitgtk

Launchpad Bug Tracker 1662982 at bugs.launchpad.net
Wed Feb 8 18:05:26 UTC 2017


*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Seth Arnold (seth-arnold):

Hello, WebKitGTK+ has recently started issuing regular security
updates[1]. These updates have been made available for the "webkit2"
version of WebKitGTK+, which is our webkit2gtk package. In a progress
report about the updates[2] Michael Catanzaro has asked distributions
to stop shipping the older version. The post includes, in part:

> [T]his old version of WebKit is affected by over 200 known
> vulnerabilities and really has to go sooner rather than later. We’ve
> agreed to remove WebKitGTK+ 2.4 and its dependencies from Fedora rawhide
> right after Fedora 26 is branched next month, so they will no longer be
> present in Fedora 27 (targeted for release in November).

It'd be nice to follow suit so that we don't ship this version of WebKit
in 18.04 LTS.

This transition may not be easy:

$ reverse-depends src:webkitgtk
Reverse-Depends
===============
* apvlv                         (for libwebkitgtk-3.0-0)
* balsa                         (for libjavascriptcoregtk-1.0-0)
* balsa                         (for libwebkitgtk-1.0-0)
* banshee                       (for libwebkitgtk-1.0-0)
* bibledit-gtk                  (for libwebkitgtk-1.0-0)
* bijiben                       (for libwebkitgtk-3.0-0)
* cairo-dock-plug-ins           (for libwebkitgtk-3.0-0)
* cinnamon                      (for gir1.2-javascriptcoregtk-3.0)
* cinnamon-screensaver-webkit-plugin  (for gir1.2-webkit2-3.0)
* claws-mail-fancy-plugin       (for libwebkitgtk-1.0-0)
* cyclograph-gtk3               (for gir1.2-webkit-3.0)
* emacs25                       (for libwebkitgtk-3.0-0)
* empathy                       (for libwebkitgtk-3.0-0)
* geany-plugin-devhelp          (for libwebkitgtk-1.0-0)
* geany-plugin-markdown         (for libwebkitgtk-1.0-0)
* geany-plugin-webhelper        (for libwebkitgtk-1.0-0)
* geary                         (for libwebkitgtk-3.0-0)
* gnome-web-photo               (for libwebkitgtk-3.0-0)
* gnucash                       (for libwebkitgtk-1.0-0)
* gphpedit                      (for libwebkitgtk-1.0-0)
* gtkpod                        (for libwebkitgtk-3.0-0)
* guitarix                      (for libwebkitgtk-1.0-0)
* libwebkit1.1-cil              (for libwebkitgtk-1.0-0)
* libwebkitgtk3.0-cil           (for libwebkitgtk-3.0-0)
* libwxgtk-webview3.0-0v5       (for libwebkitgtk-1.0-0)
* liferea                       (for libwebkitgtk-3.0-0)
* lightdm-webkit-greeter        (for libjavascriptcoregtk-1.0-0)
* lightdm-webkit-greeter        (for libwebkitgtk-1.0-0)
* luakit                        (for libjavascriptcoregtk-1.0-0)
* luakit                        (for libwebkitgtk-1.0-0)
* maildir-utils-extra           (for libwebkitgtk-3.0-0)
* midori                        (for libwebkitgtk-1.0-0)
* midori                        (for libjavascriptcoregtk-1.0-0)
* monodevelop                   (for libwebkitgtk-1.0-0)
* node-topcube                  (for libwebkitgtk-1.0-0)
* osmo                          (for libwebkitgtk-1.0-0)
* python-webkit                 (for libwebkitgtk-1.0-0)
* ruby-webkit-gtk               (for gir1.2-webkit-3.0)
* sugar-read-activity           (for gir1.2-webkit-3.0)
* surf                          (for libjavascriptcoregtk-3.0-0)
* surf                          (for libwebkitgtk-3.0-0)
* thawab                        (for gir1.2-webkit-3.0)
* typecatcher                   (for gir1.2-webkit-3.0)
* ubuntu-release-upgrader-gtk   (for gir1.2-webkit-3.0)
* uzbl                          (for libwebkitgtk-1.0-0)
* uzbl                          (for libjavascriptcoregtk-1.0-0)
* variety                       (for gir1.2-webkit-3.0)
* webkit-image-gtk              (for libwebkitgtk-1.0-0)
* webkit2pdf                    (for libwebkitgtk-1.0-0)
* xiphos                        (for libwebkitgtk-3.0-0)
* xombrero                      (for libjavascriptcoregtk-3.0-0)
* xombrero                      (for libwebkitgtk-3.0-0)
* xtrkcad                       (for libwebkitgtk-1.0-0)
* zekr                          (for libwebkitgtk-1.0-0)

The Fedora plans include removing all packages that aren't upgraded[3]:

> Dependencies that are not updated to use modern WebKit will not be
> present in Fedora 27.


Thanks


1: https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/
2: https://blogs.gnome.org/mcatanzaro/2017/02/08/an-update-on-webkit-security-updates/
3: https://bugzilla.redhat.com/show_bug.cgi?id=1375784

** Affects: webkitgtk (Ubuntu)
     Importance: Undecided
         Status: New

-- 
please consider removing webkitgtk
https://bugs.launchpad.net/bugs/1662982