Bug#871242: stretch-pu: package webkit2gtk/2.16.6-0+deb9u1

Jeremy Bicha jbicha at ubuntu.com
Mon Aug 7 05:02:46 UTC 2017

Package: release.debian.org
X-Debbugs-Cc:webkit2gtk at packages.debian.org
User: release.debian.org at packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal

New minor releases of webkit2gtk are made approximately monthly to fix
high-impact bugs and security vulnerabilities. New major releases are
made every six months (next one is mid-September). Similar to Firefox
and Chromium, it's not really feasible to separate the security fixes
from other changes.

For Debian 9, webkit2gtk is still excluded from normal security
support and therefore the Debian Security Team is unwilling to accept
webkit2gtk updates via stretch-security to avoid confusing our users.

webkit2gtk 2.16.6 was released 2 weeks ago which is plenty of time for
any regressions to be identified. I am unaware of any regressions with
this update.


Security Trackers
This update will fix all current stretch vulnerabilities listed at



Detailed Commit Log and Diff
from commits 217367-219816

You can view individual commits by clicking the radio buttons next to
the commit and the previous commit then click View Changes.

Or to view the whole set, see

Or shortlink: https://is.gd/8UGt2U

webkit2gtk 2.16.6 is available in Debian unstable, testing and
stretch-backports. It has built successfully on all release
architectures. powerpcspe is the only architecture where the new
version doesn't build but the stretch release version did.

Debian Changelog
webkit2gtk (2.16.6-0+deb9u1) stretch; urgency=medium

  * Team upload.
  * New upstream security and bugfix release.
  * Fixes these security issues reported in WSA-2017-0005 and
    + CVE-2017-2538, CVE-2017-7052 (fixed in 2.16.4)
    + CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037,
      CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7055,
      CVE-2017-7056, CVE-2017-7061, CVE-2017-7064 (fixed in 2.16.6).
  * Add debian/patches/fix-ftbfs-m68k.patch:
    + Fix FTBFS in m68k (Closes: #868126).

 -- Jeremy Bicha <jbicha at ubuntu.com>  Mon, 07 Aug 2017 00:35:25 -0400

Debdiff attached.

Jeremy Bicha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: webkit2gtk_2.16.6-0+deb9u1.debdiff
Type: application/octet-stream
Size: 269575 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-webkit-maintainers/attachments/20170807/889c7d47/attachment-0001.obj>

More information about the Pkg-webkit-maintainers mailing list