Your message dated Sat, 06 Aug 2022 15:20:48 +0000
with message-id <[email protected]>
and subject line Bug#1004293: fixed in debian-security-support 1:12+2022.08.06
has caused the Debian Bug report #1004293,
regarding warn users that src:khtml is insecure?
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1004293: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004293
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: debian-security-support
Version: 1:11+2021.03.19
Severity: normal
File: /usr/share/debian-security-support/security-support-limited
As at Debian 11,
* webkitgtk is in src:webkit2gtk, not src:webkit.
* khtml is in src:khtml, not src:kde4libs.
GNOME3 and KDE5 have been around for a while now.
I think security-support-limited should be updated to reflect this.
These libraries are used by, for example, yelp and khelpcenter.
This means this fix will make check-security-support whinge at most GUI users,
the way it already does for needrestart users (#986507).
(I think this is a good thing.
There's really no reason yelp and khelpcenter need to JIT compile
docbook/mallard to HTML and then embed a custom browser engine.
Get rid of them, render the HTML when the .deb is built, and just run the
user's normal, security-supported browser.)
Note that someone already reported the khtml issue way back in Debian 7
(#773387), but it was marked as blocked because
(paraphrasing) "KDE4 libraries are a mess and we'd end up with false positives
for EVERY library in KDE" (#765452).
This is substantially improved in KDE5, and (AFAICT) should no longer block
"correctly report src:khtml is insecure crap".
-- System Information:
Debian Release: 11.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.14.0-0.bpo.2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages debian-security-support depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.77
ii gettext-base 0.21-4
debian-security-support recommends no packages.
debian-security-support suggests no packages.
-- debconf information:
debian-security-support/earlyend:
debian-security-support/ended:
debian-security-support/limited:
--- End Message ---
--- Begin Message ---
Source: debian-security-support
Source-Version: 1:12+2022.08.06
Done: Holger Levsen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
debian-security-support, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Holger Levsen <[email protected]> (supplier of updated debian-security-support
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 06 Aug 2022 16:48:45 +0200
Source: debian-security-support
Architecture: source
Version: 1:12+2022.08.06
Distribution: unstable
Urgency: medium
Maintainer: Holger Levsen <[email protected]>
Changed-By: Holger Levsen <[email protected]>
Closes: 990432 1004293
Changes:
debian-security-support (1:12+2022.08.06) unstable; urgency=medium
.
[ Sylvain Beucler ]
* security-support-ended.deb10:
- drop support for slurm-llnl as suggested by secteam 2022-07-14.
- drop support for gpac.
- fix spacing.
.
[ Utkarsh Gupta ]
* Add myself as an uploader.
.
[ Holger Levsen ]
* Add khtml to security-support-limited. Closes: #1004293
* include /var/lib/debian-security-support in package. Closes: #990432
* d/rules: simplefy runes to determine current version. thanks adsb
Checksums-Sha1:
49eb7a79a99db8e02b7b085e0b27f3dbea7a8eb1 1907
debian-security-support_12+2022.08.06.dsc
0b95bcadcd0a8188503bd56e733f15ce63ccb028 31852
debian-security-support_12+2022.08.06.tar.xz
79f13f40f92cd34a404620d18fabf319e4f29448 6867
debian-security-support_12+2022.08.06_source.buildinfo
Checksums-Sha256:
edbf0d2bef56c237a1596408fb14f37506e97162ab7e08edc9253d2f9f185d08 1907
debian-security-support_12+2022.08.06.dsc
936ea667ff0050a0da3ab889d45013cfd225cbee34db26db8b2b46e6708cc416 31852
debian-security-support_12+2022.08.06.tar.xz
c32039995e4eeae349cda241f0ff5ae30d5bb06577e9fe68a7af65b8630e6673 6867
debian-security-support_12+2022.08.06_source.buildinfo
Files:
553cb942d0d429a9b47d282cd1a2401a 1907 admin optional
debian-security-support_12+2022.08.06.dsc
5f160761129b327de85a7ffa9034e3c2 31852 admin optional
debian-security-support_12+2022.08.06.tar.xz
9452a9e70d52d5c258ebabf6487e3e62 6867 admin optional
debian-security-support_12+2022.08.06_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmLugLsACgkQCRq4Vgaa
qhz8iw/+NemCNlCyQFub/rnuFOCjZccG/nSPRRh5y6DXy7DyaqUvvMHW31UKIj6E
EIeMT0boDOlwycDGLvHFBYMoDyGzHuzIOS7jCuqmKVBEZNiWNNGlHzsA3AsAnXkW
HvoVcJ3BIdcuPJxqB92zZAKeToeeK6wmClZUBAjcuEp7dfH2LqcWlgQjEHujZ3+e
+JzWS2s355FFFanA9Yu9guyb41qnQ7I5jiykEBa1u2BP6LQx65aHl4LpZaVTubM2
vx5Ckm/qctGGGmHdhlx+PHnMpnQYfV1to2a2dpoNgBrSMKIqbG2XaHRzkNfoeeu9
96crfzAmJDOfenKqXPAqtDz4z9DMrEGENVkmYYwFOx/9/1o/jwtH2/BMYdGEVNo2
LGpq5McCfcmmR3JBryJ9Q+bNeOQjzCOOuU7X7/Rsn8zloG1EdBg/1YDGgOf9pKlV
2OpQyAFwTlT8NnjA/pTMOkWzYbaHbE3nlYCZwJeroUKlHcwydtNey6+0Acr22dBE
2Hhm9GUfi+OkMizaNRDqTeA922Z4PVkjK53sPynE1CCzzVOcTchNLfpzDPN3CCqG
DRJ4td40TYGSa49HUphkNOVVjvHK1Waau8ULgaQ5uaJX62KKzbTgMJlPxby/lC1H
ZNKa+kO6gbGgklJNvel6Ro5vktLTxTBlzDnOyx5py11m3/fyejA=
=wPKy
-----END PGP SIGNATURE-----
--- End Message ---
