java not working
Ralf Mardorf
silver.bullet at zoho.com
Fri Mar 17 12:43:42 UTC 2017
On Fri, 17 Mar 2017 12:53:15 +0100, Xen wrote:
>Personally I just want to say that I consider this dictatorship.
>[snip]
>Security that I never needed and never got bitten by (in reverse).
That is how my Arch Linux does look like right now [1].
For example, you still could compile Claws-Mail with the fancy plugin
[2], but since webkit is critical and nobody will fix it, Arch a rolling
release distro, already dropped it. You should expect that Ubuntu will
do the same.
If you never was affected, then because upstream developers as
well as security teams [3], take care for you [4] and fix issues, by
either providing security upgrades or by dropping stuff nobody is
willing to continue maintaining.
Firefox isn't webkit based, but it suffers from vulnerabilities,
too. Somebody needs to maintain firefox to get rid of vulnerabilities.
If some mechanisms make this maintenance more or less impossible, it's
wise to remove those mechanisms.
FWIW ALSA support for firefox 52.0 already is disabled by upstream and
AFAIK it will be completely dropped soon. At the moment it's still
possible to build 52.0 with "--enable-alsa". It's not removed for
security reasons, just because the developers aren't willing to do the
work and continue supporting ALSA, even without any security issues
involved. I dislike this step, but I don't consider this as
dictatorship.
You could fork open source software and maintain it on your own, if you
guess it's not much work.
Some developers try to reach world domination, the once who don't care
about other, everybody actually knows two names ;), but most developers
don't drop things because they want to dominate, they simply need to
decide for what work they will spend their time.
Regards,
Ralf
[1]
[root at archlinux ~]# arch-audit
Package audiofile is affected by
["CVE-2017-6839", "CVE-2017-6838", "CVE-2017-6837", "CVE-2017-6836", "CVE-2017-6835", "CVE-2017-6834", "CVE-2017-6833", "CVE-2017-6832", "CVE-2017-6831", "CVE-2017-6830", "CVE-2017-6829", "CVE-2017-6828", "CVE-2017-6827"].
High risk!
Package jasper is affected by
["CVE-2017-6852", "CVE-2017-6850", "CVE-2017-5505", "CVE-2017-5504", "CVE-2017-5503"].
High risk!
Package lib32-curl is affected by
["CVE-2017-2629"].
Low risk! Update to 7.53.0-1!
Package lib32-libtiff is affected by
["CVE-2016-10095", "CVE-2015-7554"].
Critical risk!
Package lib32-libxslt is affected by
["CVE-2017-5029"].
Critical risk!
Package libevent is affected by
["CVE-2016-10197"].
Low risk!
Package libplist is affected by
["CVE-2017-6440", "CVE-2017-6439", "CVE-2017-6438", "CVE-2017-6437", "CVE-2017-6436", "CVE-2017-6435"].
High risk!
Package libtiff is affected by
["CVE-2016-10095", "CVE-2015-7554"].
Critical risk!
Package libusbmuxd is affected by
["CVE-2016-5104"].
Medium risk!
Package openjpeg2 is affected by
["CVE-2016-9118", "CVE-2016-9117", "CVE-2016-9116", "CVE-2016-9115", "CVE-2016-9114", "CVE-2016-9113"].
High risk!
Package webkitgtk is affected by
["CVE-2017-2373", "CVE-2017-2371", "CVE-2017-2369", "CVE-2017-2366", "CVE-2017-2365", "CVE-2017-2364", "CVE-2017-2363", "CVE-2017-2362", "CVE-2017-2356", "CVE-2017-2355", "CVE-2017-2354", "CVE-2017-2350"].
Critical risk!
Package webkitgtk2 is affected by
["CVE-2017-2373", "CVE-2017-2371", "CVE-2017-2369", "CVE-2017-2366", "CVE-2017-2365", "CVE-2017-2364", "CVE-2017-2363", "CVE-2017-2362", "CVE-2017-2356", "CVE-2017-2355", "CVE-2017-2354", "CVE-2017-2350"].
Critical risk!
Package zziplib is affected by
["CVE-2017-5981", "CVE-2017-5980", "CVE-2017-5979", "CVE-2017-5978", "CVE-2017-5977", "CVE-2017-5976", "CVE-2017-5975", "CVE-2017-5974"].
High risk!
[2]
http://manpages.ubuntu.com/manpages/xenial/man1/claws-mail-fancy-plugin.1.html
[3]
https://wiki.ubuntu.com/SecurityTeam
[4]
https://www.ubuntu.com/usn/
More information about the ubuntu-users
mailing list