
Bug#787021: jessie-pu: package webkitgtk/2.4.8-2



Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hello,

webkitgtk 2.4.9 was released containing several bug fixes, including
the one for CVE-2015-2330.

I contacted the Debian security team in order to make a security
release with this fix. However, since webkitgtk is in the
limited-support set of packages, it's very unlikely that the fix can be
released through a DSA. They suggested checking whether the
proposed-updates mechanism would be suitable.

The 2.4 branch of webkit is a stable branch and there's no active
development there. However, it's still maintained and there are
releases with important bugfixes periodically, so I think it's the
kind of release that would make sense in a stable distribution.

Should I upload webkitgtk 2.4.9 to wheezy-pu?

For reference here's the changelog of the latest release:

   * Check TLS errors as soon as they are set in the SoupMessage to
     prevent any data from being sent to the server in case of invalid
     certificate. [CVE-2015-2330]
   * Clear the GObject DOM bindings internal cache when frames are
     destroyed or web view contents are updated.
   * Add HighDPI support for non-accelerated compositing contents.
   * Fix some transfer annotations used in GObject DOM bindings.
   * Use latin1 instead of UTF-8 for HTTP header values.
   * Fix synchronous loads when maximum connection limits are reached.
   * Fix a crash in ScrollView::contentsToWindow() when GtkPluginWidget
     doesn’t have a parent.
   * Fix a memory leak in webkit_web_policy_decision_new.
   * Fix g_closure_unref runtime warning.
   * Fix a crash due to empty drag image during drag and drop.
   * Fix rendering of scrollbars with GTK+ >= 3.16.
   * Fix the build on mingw32/msys.
   * Fix the build with WebKit2 disabled.
   * Fix the build with accelerated compositing disabled.
   * Fix clang version check in configure.
   * Fix the build with recent versions of GLib that have
     GMutexLocker.
   * Fix the build for Linux/MIPS64EL.

Regards,

Berto

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

