Bug#964946: rhythmbox.org domain doesn't belong to GNOME/Rhythmbox

crvi crvisqr at gmail.com
Mon Jul 13 07:32:13 BST 2020 

Package: rhythmbox
Version: 3.4.4-2+b1
Severity: normal
X-Debbugs-Cc: crvisqr at gmail.com

Dear maintainer,

rhythmbox.org domain doesn't belong to GNOME/Rhythmbox anymore. The domain is
currently for sale. This introduces a security risk to users using all versions
of Rhythmbox already shipped in Debian. So, please do apply the below patch in
all "possible" debian versions and push a new release. Thanks !

Patch:
https://gitlab.gnome.org/GNOME/rhythmbox/-/commit/64c07859c936df1bc739f21b87f7a56e6f8dd161

Upstream issue: https://gitlab.gnome.org/GNOME/rhythmbox/-/issues/1751



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 5.7.0-1-686-pae (SMP w/1 CPU thread)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_IN.UTF-8, LC_CTYPE=en_IN.UTF-8 (charmap=UTF-8), LANGUAGE=en_IN:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages rhythmbox depends on:
ii  dbus                            1.12.20-1
ii  gstreamer1.0-plugins-base       1.16.2-4
ii  gstreamer1.0-plugins-good       1.16.2-3
ii  gstreamer1.0-x                  1.16.2-4
ii  libc6                           2.30-8
ii  libglib2.0-0                    2.64.4-1
ii  libgstreamer-plugins-base1.0-0  1.16.2-4
ii  libgstreamer1.0-0               1.16.2-2
ii  libgtk-3-0                      3.24.20-1
ii  libpeas-1.0-0                   1.26.0-2
ii  librhythmbox-core10             3.4.4-2+b1
ii  libx11-6                        2:1.6.9-2+b1
ii  media-player-info               24-2
ii  rhythmbox-data                  3.4.4-2

Versions of packages rhythmbox recommends:
ii  avahi-daemon                       0.8-3
ii  gnome-shell [notification-daemon]  3.36.3-1
ii  gstreamer1.0-plugins-ugly          1.16.2-2+b1
ii  gstreamer1.0-pulseaudio            1.16.2-3
ii  gvfs-backends                      1.44.1-1
ii  notification-daemon                3.20.0-4
ii  rhythmbox-plugins                  3.4.4-2+b1
ii  yelp                               3.36.0-1

Versions of packages rhythmbox suggests:
pn  gnome-codec-install          <none>
ii  gnome-control-center         1:3.36.4-1
ii  gstreamer1.0-plugins-bad     1.16.2-2.1+b1
ii  rhythmbox-plugin-cdrecorder  3.4.4-2+b1

-- no debconf information

More information about the pkg-gnome-maintainers mailing list