El 16/08/24 a las 18:03, Alberto Garcia escribió:
> On Thu, Aug 15, 2024 at 02:32:42PM -0300, Santiago Ruano Rincón wrote:
> >
> > Alberto, does the following change matches your thoughts?
> >
> > diff --git a/security-support-limited.deb11 b/security-support-limited.deb11
> > index 7f5a45e..bac9734 100644
> > --- a/security-support-limited.deb11
> > +++ b/security-support-limited.deb11
> > @@ -30,4 +30,5 @@ qtwebkit-opensource-src No security support upstream and backports not feasible,
> > samba Only non-AD Domain Controller use cases are supported. See https://lists.debian.org/debian-security-announce/2023/msg00169.html
> > sql-ledger Only supported behind an authenticated HTTP zone
> > tiles Only supported for building packages, #1057343
> > +wpewebkit Updates are done by full version backports that could break the APIs. #1035997
> > zoneminder See README.Debian.security, only supported behind an authenticated HTTP zone, #922724
>
> Hi, I think that backporting the latest versions of wpewebkit to
> bullseye is no longer a feasible option.
>
> The last available version is 2.38.6-1~deb11u1 and we probably won't
> have more.
Hi, and thanks for the feedback.
FTR, the current wpewebkit's CVE notes are also clear about it:
[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
I have missed looking into them.
I have updated https://salsa.debian.org/debian/debian-security-support/-/merge_requests/29
accordingly.
Cheers,
-- S
Attachment:
signature.asc
Description: PGP signature