Package: release.debian.org X-Debbugs-Cc:webkit2gtk@packages.debian.org User: release.debian.org@packages.debian.org Usertags: pu Tags: stretch Severity: normal Background ----------------- New minor releases of webkit2gtk are made approximately monthly to fix high-impact bugs and security vulnerabilities. New major releases are made every six months (next one is mid-September). Similar to Firefox and Chromium, it's not really feasible to separate the security fixes from other changes. For Debian 9, webkit2gtk is still excluded from normal security support and therefore the Debian Security Team is unwilling to accept webkit2gtk updates via stretch-security to avoid confusing our users. webkit2gtk 2.16.6 was released 2 weeks ago which is plenty of time for any regressions to be identified. I am unaware of any regressions with this update. News -------- https://webkitgtk.org/2017/06/20/webkitgtk2.16.4-released.html https://webkitgtk.org/2017/06/27/webkitgtk2.16.5-released.html https://webkitgtk.org/2017/07/24/webkitgtk2.16.6-released.html Security Trackers -------------------------- This update will fix all current stretch vulnerabilities listed at https://security-tracker.debian.org/tracker/source-package/webkit2gtk https://webkitgtk.org/security/WSA-2017-0005.html https://webkitgtk.org/security/WSA-2017-0006.html https://usn.ubuntu.com/usn/usn-3376-1/ Detailed Commit Log and Diff ------------------------------------------ https://trac.webkit.org/log/webkit/releases/WebKitGTK/webkit-2.16 from commits 217367-219816 You can view individual commits by clicking the radio buttons next to the commit and the previous commit then click View Changes. Or to view the whole set, see https://trac.webkit.org/changeset?reponame=webkit&new=219817%40releases%2FWebKitGTK%2Fwebkit-2.16&old=217367%40releases%2FWebKitGTK%2Fwebkit-2.16 Or shortlink: https://is.gd/8UGt2U Builds -------- webkit2gtk 2.16.6 is available in Debian unstable, testing and stretch-backports. It has built successfully on all release architectures. powerpcspe is the only architecture where the new version doesn't build but the stretch release version did. Debian Changelog -------------------------- webkit2gtk (2.16.6-0+deb9u1) stretch; urgency=medium * Team upload. * New upstream security and bugfix release. * Fixes these security issues reported in WSA-2017-0005 and WSA-2017-0006: + CVE-2017-2538, CVE-2017-7052 (fixed in 2.16.4) + CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061, CVE-2017-7064 (fixed in 2.16.6). * Add debian/patches/fix-ftbfs-m68k.patch: + Fix FTBFS in m68k (Closes: #868126). -- Jeremy Bicha <jbicha@ubuntu.com> Mon, 07 Aug 2017 00:35:25 -0400 Debdiff attached. Thanks, Jeremy Bicha
Attachment:
webkit2gtk_2.16.6-0+deb9u1.debdiff
Description: Binary data