Bug#787021: jessie-pu: package webkitgtk/2.4.8-2
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hello,

webkitgtk 2.4.9 was released containing several bug fixes, including
the one for CVE-2015-2330.

I contacted the Debian security team in order to make a security
release with this fix. However, since webkitgtk is in the
limited-support set of packages, it's very unlikely that the fix can be
released through a DSA. They suggested checking whether the
proposed-updates mechanism would be suitable.

The 2.4 branch of webkit is a stable branch and there's no active
development there. However, it's still maintained and there are
periodic releases with important bugfixes, so I think it's the
kind of release that would make sense in a stable distribution.

Should I upload webkitgtk 2.4.9 to wheezy-pu?

For reference, here's the changelog of the latest release:

  * Check TLS errors as soon as they are set in the SoupMessage to
    prevent any data from being sent to the server in case of invalid
    certificate. [CVE-2015-2330]
  * Clear the GObject DOM bindings internal cache when frames are
    destroyed or web view contents are updated.
  * Add HighDPI support for non-accelerated compositing contents.
  * Fix some transfer annotations used in GObject DOM bindings.
  * Use latin1 instead of UTF-8 for HTTP header values.
  * Fix synchronous loads when maximum connection limits are reached.
  * Fix a crash ScrollView::contentsToWindow() when GtkPluginWidget
    doesn’t have a parent.
  * Fix a memory leak in webkit_web_policy_decision_new.
  * Fix g_closure_unref runtime warning.
  * Fix a crash due to empty drag image during drag and drop.
  * Fix rendering of scrollbars with GTK+ >= 3.16.
  * Fix the build on mingw32/msys.
  * Fix the build with WebKit2 disabled.
  * Fix the build with accelerated compositing disabled.
  * Fix clang version check in configure.
  * Fix the build with recent versions of GLib that have
    GMutexLocker.
  * Fix the build for Linux/MIPS64EL.

Regards,
Berto
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)