Package: release.debian.org
X-Debbugs-Cc: webkit2...@packages.debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal

Background
-----------------
New minor releases of webkit2gtk are made approximately monthly to fix
high-impact bugs and security vulnerabilities. New major releases are
made every six months (next one is mid-March). Similar to Firefox
and Chromium, it's not really feasible to separate the security fixes
from other changes. Basically, only one major release series is
supported at a time (sometimes, there will be a final security fix for
the old series shortly after the first release of the new series, but
that's it.)

For Debian 9, webkit2gtk is still excluded from normal security
support and therefore the Debian Security Team is unwilling to accept
webkit2gtk updates via stretch-security to avoid confusing our users.

The latest major release webkit2gtk 2.18 was released in September. I
am unaware of any remaining regressions in the new series. There was
one Ubuntu-specific package that needed to be updated for 2.18. See
https://launchpad.net/bugs/1712047 for more details.

Generally, all the major distros have updated to 2.18 and there has
been plenty of time for regressions to be noticed.

News
--------
https://webkitgtk.org/2017/09/11/webkitgtk2.18.0-released.html
https://webkitgtk.org/2017/10/18/webkitgtk2.18.1-released.html
https://webkitgtk.org/2017/10/27/webkitgtk2.18.2-released.html
https://webkitgtk.org/2017/11/10/webkitgtk2.18.3-released.html
https://webkitgtk.org/2017/12/19/webkitgtk2.18.4-released.html
https://webkitgtk.org/2018/01/10/webkitgtk2.18.5-released.html
https://webkitgtk.org/2018/01/24/webkitgtk2.18.6-released.html

Security Trackers
--------------------------
This update will fix all current stretch vulnerabilities listed at
https://security-tracker.debian.org/tracker/source-package/webkit2gtk

https://webkitgtk.org/security/WSA-2017-0008.html
https://webkitgtk.org/security/WSA-2017-0009.html
https://webkitgtk.org/security/WSA-2017-0010.html
https://webkitgtk.org/security/WSA-2018-0001.html
https://webkitgtk.org/security/WSA-2018-0002.html

https://usn.ubuntu.com/usn/usn-3460-1/
https://usn.ubuntu.com/usn/usn-3481-1/
https://usn.ubuntu.com/usn/usn-3514-1/
https://usn.ubuntu.com/usn/usn-3530-1/

Detailed Commit Log and Diff
------------------------------------------
It's not really useful to provide a detailed diff or log for the
upstream changes. For instance, Ubuntu's diff for the 2.16.6 to
2.18.0 upgrade is 10 MB.

https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.16.04.2

debdiff gave me a 71MB file.

Builds
--------
webkit2gtk 2.18.6 is available in Debian unstable, testing and
stretch-backports. It has built successfully on all release
architectures. (mips64el is still building on stretch-backports.)

Proposed Stretch Update
--------------------------------
I am proposing a straight backport from Buster to Stretch. I am
attaching a diff of the debian/ directory.


Thanks,
Jeremy Bicha

Attachment: webkit2gtk_2.18.6-1~deb9u1.debdiff
Description: Binary data
