Bug#1031405: marked as done (unblock: webkit2gtk/2.38.5-1)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Thu, 16 Feb 2023 19:45:01 +0100
with message-id <Y+55rRkS3RGyd4w1@ramacher.at>
and subject line Re: Bug#1031405: unblock: webkit2gtk/2.38.5-1
has caused the Debian Bug report #1031405,
regarding unblock: webkit2gtk/2.38.5-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1031405: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031405
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: webkit2gtk/2.38.5-1
• From: Alberto Garcia <berto@igalia.com>
• Date: Thu, 16 Feb 2023 18:01:17 +0100
• Message-id: <[🔎] 167656687719.568239.2999018162559837161.reportbug@zeus.local>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock the package webkit2gtk

The webkit2gtk and wpewebkit packages are updated regularly with
security fixes (every month or two). The last one (2.38.5-1, same
version for both packages) is special because it contains a fix for a
zero-day CVE that is known by Apple to have been actively exploited:

   https://support.apple.com/en-us/HT213635
   https://security-tracker.debian.org/tracker/CVE-2023-23529

Both packages have already been uploaded to bullseye-security and
I'm planning to publish the DSA soon, but the transition from sid to
bookworm will take 10 days.

It would be great if it was possible to speed up this process.

Please tell me if you need a separate unblock request for wpewebkit.

unblock webkit2gtk/2.38.5-1

--- End Message ---

--- Begin Message ---

• To: Alberto Garcia <berto@igalia.com>, 1031405-done@bugs.debian.org
• Subject: Re: Bug#1031405: unblock: webkit2gtk/2.38.5-1
• From: Sebastian Ramacher <sramacher@debian.org>
• Date: Thu, 16 Feb 2023 19:45:01 +0100
• Message-id: <Y+55rRkS3RGyd4w1@ramacher.at>
• In-reply-to: <[🔎] 167656687719.568239.2999018162559837161.reportbug@zeus.local>
• References: <[🔎] 167656687719.568239.2999018162559837161.reportbug@zeus.local>

On 2023-02-16 18:01:17 +0100, Alberto Garcia wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock the package webkit2gtk
> 
> The webkit2gtk and wpewebkit packages are updated regularly with
> security fixes (every month or two). The last one (2.38.5-1, same
> version for both packages) is special because it contains a fix for a
> zero-day CVE that is known by Apple to have been actively exploited:
> 
>    https://support.apple.com/en-us/HT213635
>    https://security-tracker.debian.org/tracker/CVE-2023-23529
> 
> Both packages have already been uploaded to bullseye-security and
> I'm planning to publish the DSA soon, but the transition from sid to
> bookworm will take 10 days.
> 
> It would be great if it was possible to speed up this process.
> 
> Please tell me if you need a separate unblock request for wpewebkit.
> 
> unblock webkit2gtk/2.38.5-1

The mips*el builds are still missing, but I have added urgent hints for
both webkit2gtk and wpewebkit.

Cheers
-- 
Sebastian Ramacher

--- End Message ---