Package: release-notes Severity: normal Tags: security Hi,
https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#browser-security says: > Therefore, browsers built upon the webkit, qtwebkit and khtml engines > are included in stretch, but not covered by security support. These > browsers should not be used against untrusted websites. But according to https://jeremy.bicha.net/2017/06/15/stretch-latest-webkitgtk/ the source package "webkit2gtk" has no "guaranteed security support for webkit2gtk for Debian 9", too. Please update that list accordingly. P.S.: While I have no source, my gut feeling says that qtwebengine-opensource-src should also be in that list. -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (990, 'unstable'), (980, 'unstable-debug'), (600, 'testing'), (111, 'buildd-unstable'), (111, 'buildd-experimental'), (110, 'experimental'), (105, 'experimental-debug') Architecture: amd64 (x86_64) Kernel: Linux 4.11.0-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)