Source: qgis Version: 2.14.11+dfsg-1 Severity: serious Tags: security User: de...@kali.org Usertags: origin-kali
python-qt4 dropped support for QtWebkit it's because it was not possible to provide security support for it (cf #784514). You disabled that support in response to that bug. But later you decided to re-enable it using an embedded copy, the net result is that python-qgis is now shipping files that used to be shipped by python-qt4: /usr/lib/python2.7/dist-packages/PyQt4/QtWebKit.x86_64-linux-gnu.so There are two problems: 1/ the upgrade is not safe, you can have conflicts with python-qt4 if python-qgis is upgraded before python-qt4 (even more likely in Kali where we kept QtWebkit a while longer in python-qt4) 2/ if QtWebkit cannot be suppported in python-qt4, it also cannot be supported in python-qgis IMO you should disable that embedded copy usage or at least get a prior ack from the security team. Cheers, -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
