[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#871242: stretch-pu: package webkit2gtk/2.16.6-0+deb9u1

Package: release.debian.org
X-Debbugs-Cc:webkit2gtk@packages.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal

Background
-----------------
New minor releases of webkit2gtk are made approximately monthly to fix
high-impact bugs and security vulnerabilities. New major releases are
made every six months (next one is mid-September). Similar to Firefox
and Chromium, it's not really feasible to separate the security fixes
from other changes.

For Debian 9, webkit2gtk is still excluded from normal security
support and therefore the Debian Security Team is unwilling to accept
webkit2gtk updates via stretch-security to avoid confusing our users.

webkit2gtk 2.16.6 was released 2 weeks ago which is plenty of time for
any regressions to be identified. I am unaware of any regressions with
this update.

News
--------
https://webkitgtk.org/2017/06/20/webkitgtk2.16.4-released.html
https://webkitgtk.org/2017/06/27/webkitgtk2.16.5-released.html
https://webkitgtk.org/2017/07/24/webkitgtk2.16.6-released.html

Security Trackers
--------------------------
This update will fix all current stretch vulnerabilities listed at
https://security-tracker.debian.org/tracker/source-package/webkit2gtk

https://webkitgtk.org/security/WSA-2017-0005.html
https://webkitgtk.org/security/WSA-2017-0006.html

https://usn.ubuntu.com/usn/usn-3376-1/

Detailed Commit Log and Diff
------------------------------------------
https://trac.webkit.org/log/webkit/releases/WebKitGTK/webkit-2.16
from commits 217367-219816

You can view individual commits by clicking the radio buttons next to
the commit and the previous commit then click View Changes.

Or to view the whole set, see
https://trac.webkit.org/changeset?reponame=webkit&new=219817%40releases%2FWebKitGTK%2Fwebkit-2.16&old=217367%40releases%2FWebKitGTK%2Fwebkit-2.16

Or shortlink: https://is.gd/8UGt2U

Builds
--------
webkit2gtk 2.16.6 is available in Debian unstable, testing and
stretch-backports. It has built successfully on all release
architectures. powerpcspe is the only architecture where the new
version doesn't build but the stretch release version did.

Debian Changelog
--------------------------
webkit2gtk (2.16.6-0+deb9u1) stretch; urgency=medium

  * Team upload.
  * New upstream security and bugfix release.
  * Fixes these security issues reported in WSA-2017-0005 and
    WSA-2017-0006:
    + CVE-2017-2538, CVE-2017-7052 (fixed in 2.16.4)
    + CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037,
      CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7055,
      CVE-2017-7056, CVE-2017-7061, CVE-2017-7064 (fixed in 2.16.6).
  * Add debian/patches/fix-ftbfs-m68k.patch:
    + Fix FTBFS in m68k (Closes: #868126).

 -- Jeremy Bicha <jbicha@ubuntu.com>  Mon, 07 Aug 2017 00:35:25 -0400


Debdiff attached.

Thanks,
Jeremy Bicha

Attachment: webkit2gtk_2.16.6-0+deb9u1.debdiff
Description: Binary data

Reply to: