Package: q4wine Version: 1.1-r2-1 Severity: normal Dear Maintainer,
After first configuration Q4wine launches the default web browser and opens an URL without user consent or action. This URL currently directs to a political blog post which is completely out of place in Debian. Furthermore this blog is in support of a military group involved in an ongoing conflict. This kind of blogs have been known to be used as targeted drive-by attacks vector in the past and could constitute a security threat to unsuspecting Debian users, all the more for the younger ones.
Please remedy to this behavior, the appearance of the "about" screen with relevant links should suffice should the user feels the need to go to the author's website or blog, hardcoded automatic URL loading are out of place in a Debian package at the very least, a security risk at worst IMHO
All the best. -- System Information: Debian Release: jessie/sid Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.2-sec644-grsec (SMP w/8 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages q4wine depends on: ii icoutils 0.31.0-2 ii libc6 2.19-11 ii libgcc1 1:4.9.1-14 ii libqt4-dbus 4:4.8.6+git64-g5dc8b2b+dfsg-2 ii libqt4-network 4:4.8.6+git64-g5dc8b2b+dfsg-2 ii libqt4-sql 4:4.8.6+git64-g5dc8b2b+dfsg-2 ii libqt4-sql-sqlite 4:4.8.6+git64-g5dc8b2b+dfsg-2 ii libqt4-xml 4:4.8.6+git64-g5dc8b2b+dfsg-2 ii libqtcore4 4:4.8.6+git64-g5dc8b2b+dfsg-2 ii libqtgui4 4:4.8.6+git64-g5dc8b2b+dfsg-2 ii libstdc++6 4.9.1-14 ii sudo 1.8.10p3-1 ii wget 1.15-1+b1 Versions of packages q4wine recommends: ii wine 1.6.2-8 Versions of packages q4wine suggests: pn fuseiso <none> -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
