[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#990940: marked as done (release-notes: wpewebkit to be covered by security support in bullseye)

Your message dated Mon, 12 Jul 2021 20:59:08 +0200
with message-id <35f2582f-b98a-c833-094a-862bd414a71f@debian.org>
and subject line Re: Bug#990940: release-notes: wpewebkit to be covered by security support in bullseye
has caused the Debian Bug report #990940,
regarding release-notes: wpewebkit to be covered by security support in bullseye
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
990940: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990940
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release-notes
Severity: important
Tags: patch

Debian provides security support for the WebKitGTK browser engine
(source package: webkit2gtk). For bullseye we also want to support
wpewebkit, which is developed by the same team, follows a very similar
release schedule and numbering system, shares most of the code and
almost all CVEs fixes apply to both ports.

See #990754 for more details.

I'm attaching a patch for the release notes.

diff --git a/en/issues.dbk b/en/issues.dbk
index 5f177f54..9fb6861d 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -483,12 +483,13 @@ data = ${lookup{$local_part}lsearch{/some/path/$domain_data/aliases}}
 	  source packages and the concern applies to all packages shipping
 	  them. The concern also extends to web rendering engines not explicitly
 	  mentioned here, with the exception of <systemitem
-	  role="source">webkit2gtk</systemitem>.</para></footnote> are included in
-	  &releasename;, but not
-	  covered by security support. These browsers should not be used against
-	  untrusted websites.
-	  The <systemitem role="source">webkit2gtk</systemitem> source package is
-	  covered by security support.
+	  role="source">webkit2gtk</systemitem> and <systemitem
+	  role="source">wpewebkit</systemitem>.</para></footnote> are included in
+	  &releasename;, but not covered by security support. These
+          browsers should not be used against untrusted websites.
+	  The <systemitem role="source">webkit2gtk</systemitem> and
+          <systemitem role="source">wpewebkit</systemitem> source
+          packages are covered by security support.
 	</para>
 	<para>
 	  For general web browser use we recommend Firefox or Chromium.

--- End Message ---
--- Begin Message --- 
Hi

On 11-07-2021 23:40, Alberto Garcia wrote:
> On Sun, Jul 11, 2021 at 06:10:09PM +0100, Justin B Rye wrote:
> 
>> If we can refer to "webkit" and "khtml" (in the previous line) and
>> "Firefox" and "Chromium" (below) without special markup, it's not
>> clear why we need make such a big deal about "*webkit2gtk*" and
>> "*wpewebkit*" being source package names.  I would suggest just:
>>
>>    	  mentioned here, with the exception of webkit2gtk and
>>           the new wpewebkit.</para></footnote> are included in
>> 	  &releasename;, but not covered by security support. These
>>           browsers should not be used against untrusted websites.
>> 	  The webkit2gtk and wpewebkit engines
>>           <emphasis>are</emphasis> covered by security support.
> 
> Ok, here's a new patch.

Thanks, pushed.

Paul

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


--- End Message ---
Reply to: