← Back to team overview

desktop-packages team mailing list archive

[Bug 1532606] Re: depends on libwebkitgtk3 which doesn't have security support


** Changed in: zenity (Ubuntu)
   Importance: Undecided => Wishlist

** Changed in: zenity (Ubuntu)
       Status: New => Triaged

You received this bug notification because you are a member of Desktop
Packages, which is subscribed to zenity in Ubuntu.

  depends on libwebkitgtk3 which doesn't have security support

Status in zenity package in Ubuntu:
Status in zenity package in Debian:

Bug description:
  libgwebkitgtk and libwebkitgtk3 are not maintained upstream and contain 100s of active CVEs.
  It sure would be great if users of large DEs that depend on Zenity could opt-out on those CVEs...

  >   I see that zenity has a configure flag to enable/disable webkit support,
  >   would it be possible to provide a zenity-nohtml package that would
  >   "Provides: zenity" so I can keep my *DE installed without depending on a package that has
  >   no security support?

  Because zenity might not be dealing with untrusted HTML content,
  I'm not flagging this one with "security"

  For those that didn't know DANGEROUS packages may be shipped:
  You can use the package "debian-security-support", it'll tell you automatically.

To manage notifications about this bug go to: