On Thu, 28 Oct 2010 18:26:47 +0200, Mike Hommey wrote: > On Thu, Oct 28, 2010 at 06:18:29PM +0200, Moritz Muehlenhoff wrote: > > On Mon, Oct 18, 2010 at 11:52:40AM -0200, Gustavo Noronha Silva wrote: > > > Version: 1.2.5-1 > > > > > > Hey, > > > > > > On Sun, 2010-10-17 at 22:27 +0200, Moritz Muehlenhoff wrote: > > > > On Mon, Oct 11, 2010 at 07:50:48PM +0200, Moritz Muehlenhoff wrote: > > > > > Package: webkit > > > > > Severity: grave > > > > > Tags: security > > > > > > > > > > The following security issues need to be fixed in Webkit: > > > > > > > > > > http://security-tracker.debian.org/tracker/CVE-2010-1807 > > > > > http://security-tracker.debian.org/tracker/CVE-2010-2646 > > > > > http://security-tracker.debian.org/tracker/CVE-2010-2651 > > > > > http://security-tracker.debian.org/tracker/CVE-2010-3115 > > > > > > > > > > Also, the status of #532514 should finally be resolved > > > > > for Squeeze. > > > > > > > > People were claming that Webkit would be more maintainable > > > > and supported then the version in Lenny. > > > > > > > > Still, there's no followup from the maintainers since a week. > > > > > > I'm kinda busy, sorry. This weekend I worked on packaging 1.2.5 after > > > having worked on getting many CVEs handled upstream. Michael Gilbert > > > also worked on a few more CVEs for the Debian package. The package I > > > finished uploading this morning has the following CVEs handled, from > > > upstream: > > > > Thanks for the upload. > > > > There's a huge amount of vulnerabilities which need to be checked > > for Webkit on top of these. Shall I open a new bug? > > CVE-2009-2068 > > CVE-2009-3011 > > CVE-2010-1131 > > CVE-2010-1384 > > CVE-2010-1403 > > CVE-2010-1750 > > CVE-2010-1757 > > CVE-2010-1769 > > CVE-2010-1781 > > CVE-2010-1783 > > CVE-2010-1805 > > CVE-2010-1806 > > CVE-2010-1823 > > CVE-2010-1824 > > CVE-2010-1825 > > CVE-2010-1992 > > CVE-2010-2120 > > CVE-2010-2264 > > CVE-2010-3246 > > CVE-2010-3248 > > CVE-2010-3249 > > CVE-2010-3252 > > CVE-2010-3253 > > CVE-2010-3254 > > CVE-2010-3255 > > CVE-2010-3415 > > CVE-2010-3416 > > CVE-2010-3730 > > CVE-2010-4033 > > CVE-2010-4034 > > CVE-2010-4035 > > CVE-2010-4036 > > CVE-2010-4037 > > CVE-2010-4038 > > CVE-2010-4039 > > CVE-2010-4040 > > CVE-2010-4041 > > CVE-2010-4042 > > > > It is very important that more people get involved in webkit > > maintenance, especially with regard to the backports needed for > > Squeeze and given that it represents the web engine for the browser > > installed in the standard desktop task. Could you maybe send a RFH > > to debian-devel-announce? > > > > How long will the 1.2 branch be supported by upstream? > > From my POV it doesn't look like to be supported, which is the main > problem we have... We can't support webkit by ourselves...
Didn't Gustavo take over as the manager for stable upstream releases? Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
