On Thu, Oct 28, 2010 at 06:18:29PM +0200, Moritz Muehlenhoff wrote: > On Mon, Oct 18, 2010 at 11:52:40AM -0200, Gustavo Noronha Silva wrote: > > Version: 1.2.5-1 > > > > Hey, > > > > On Sun, 2010-10-17 at 22:27 +0200, Moritz Muehlenhoff wrote: > > > On Mon, Oct 11, 2010 at 07:50:48PM +0200, Moritz Muehlenhoff wrote: > > > > Package: webkit > > > > Severity: grave > > > > Tags: security > > > > > > > > The following security issues need to be fixed in Webkit: > > > > > > > > http://security-tracker.debian.org/tracker/CVE-2010-1807 > > > > http://security-tracker.debian.org/tracker/CVE-2010-2646 > > > > http://security-tracker.debian.org/tracker/CVE-2010-2651 > > > > http://security-tracker.debian.org/tracker/CVE-2010-3115 > > > > > > > > Also, the status of #532514 should finally be resolved > > > > for Squeeze. > > > > > > People were claming that Webkit would be more maintainable > > > and supported then the version in Lenny. > > > > > > Still, there's no followup from the maintainers since a week. > > > > I'm kinda busy, sorry. This weekend I worked on packaging 1.2.5 after > > having worked on getting many CVEs handled upstream. Michael Gilbert > > also worked on a few more CVEs for the Debian package. The package I > > finished uploading this morning has the following CVEs handled, from > > upstream: > > Thanks for the upload. > > There's a huge amount of vulnerabilities which need to be checked > for Webkit on top of these. Shall I open a new bug? > CVE-2009-2068 > CVE-2009-3011 > CVE-2010-1131 > CVE-2010-1384 > CVE-2010-1403 > CVE-2010-1750 > CVE-2010-1757 > CVE-2010-1769 > CVE-2010-1781 > CVE-2010-1783 > CVE-2010-1805 > CVE-2010-1806 > CVE-2010-1823 > CVE-2010-1824 > CVE-2010-1825 > CVE-2010-1992 > CVE-2010-2120 > CVE-2010-2264 > CVE-2010-3246 > CVE-2010-3248 > CVE-2010-3249 > CVE-2010-3252 > CVE-2010-3253 > CVE-2010-3254 > CVE-2010-3255 > CVE-2010-3415 > CVE-2010-3416 > CVE-2010-3730 > CVE-2010-4033 > CVE-2010-4034 > CVE-2010-4035 > CVE-2010-4036 > CVE-2010-4037 > CVE-2010-4038 > CVE-2010-4039 > CVE-2010-4040 > CVE-2010-4041 > CVE-2010-4042 > > It is very important that more people get involved in webkit > maintenance, especially with regard to the backports needed for > Squeeze and given that it represents the web engine for the browser > installed in the standard desktop task. Could you maybe send a RFH > to debian-devel-announce? > > How long will the 1.2 branch be supported by upstream?
>From my POV it doesn't look like to be supported, which is the main problem we have... We can't support webkit by ourselves... Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
