[Secure-testing-team] Bug#594550: RM: webkit/1.0.1-4+lenny2
Philipp Kern
pkern at debian.org
Fri Aug 27 06:49:54 UTC 2010
On Fri, Aug 27, 2010 at 12:01:37AM -0400, Michael Gilbert wrote:
> The lenny webkit package has an insurmountable number of security
> vulnerabilities [0]. The version included there was of an experimental
> nature, and the only front end available is the builtin GtkLauncher
> app, which isn't very functional itself and is likely used by no one.
> There are no reverse dependencies.
>
> Please remove the package for the upcoming lenny point release. I've
> brought this up with the security team and webkit maintainers [1],[2],
> and there has so far been no objection. However, I also didn't get
> any responses either way. You may want to try to touch base with
> either/both teams directly.
>
> I think removal is the only supportable course of action.

The secure-testing list is inappropriate to ask the security team about a
package in Lenny. Please use the appropriate contact and get them to reply.

Some CVEs are listed as "minor issue - no DSA", so it wouldn't be valid
to remove it for that. (Sadly it seems that there's no overview to list
a package's vulnerabilities in Lenny at a glance?)

Kind regards,
Philipp Kern