Control: tag -1 moreinfo On Wed, May 27, 2015 at 22:49:47 +0200, Alberto Garcia wrote: > webkitgtk 2.4.9 was released containing several bug fixes, including > the one for CVE-2015-2330. > > I contacted the Debian security team in order to make a security > release with this fix. However, and since webkitgtk is in the > limited-support set of packages it's very unlikely that the fix can be > released through a DSA. They suggested to check if the > proposed-updates mechanism would be suitable. > > The 2.4 branch of webkit is a stable branch and there's no active > development there. However it's still maintained and there are > releases with important bugfixes periodically, so I think it's the > kind of releases that would make sense in a stable distribution. > > Should I upload webkitgtk 2.4.9 to wheezy-pu? > > For reference here's the changelog of the latest release: > Hi Alberto, I'd be ok with this in principle, however we normally want to see a source debdiff from a tested package for a final ack. Thanks, Julien
Attachment:
signature.asc
Description: Digital signature