Bug#1139272: apostrophe: links to pollyfill.io, security danger, outdated package?
Arturo
mhmp2agug at mozmail.com
Mon Jun 8 01:17:42 BST 2026
Package: apostrophe
Severity: grave
Justification: user security hole
X-Debbugs-Cc: mhmp2agug at mozmail.com
Dear Maintainer,
Math enclosed in dollar signs woulden't render, and would cause it to freeze the preview. upon deleting the math that caused it to freeze and closing+reopening the preview a pollyfin.io authentication window popped up.
I believe this may be an older package. Pollyfill was removed from many programs/websites in 2024
-- System Information:
Debian Release: 13.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.12.90+deb13.1-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apostrophe depends on:
ii dconf-gsettings-backend [gsettings-backend] 0.40.0-5
ii gir1.2-adw-1 1.7.6-1~deb13u1
ii gir1.2-glib-2.0 2.84.4-3~deb13u3
ii gir1.2-gtk-4.0 4.18.6+ds-2
ii gir1.2-spelling-1 0.4.8-1
ii gir1.2-webkit-6.0 2.52.3-2~deb13u1
ii python3 3.13.5-1
ii python3-pypandoc 1.15+ds0-1
ii python3-zombie-telnetlib 1.001
apostrophe recommends no packages.
apostrophe suggests no packages.
More information about the pkg-gnome-maintainers
mailing list