Bug#871242: stretch-pu: package webkit2gtk/2.16.6-0+deb9u1

Jeremy Bicha jbicha at ubuntu.com
Mon Aug 7 05:02:46 UTC 2017 

Package: release.debian.org
X-Debbugs-Cc:webkit2gtk at packages.debian.org
User: release.debian.org at packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal

Background
-----------------
New minor releases of webkit2gtk are made approximately monthly to fix
high-impact bugs and security vulnerabilities. New major releases are
made every six months (next one is mid-September). Similar to Firefox
and Chromium, it's not really feasible to separate the security fixes
from other changes.

For Debian 9, webkit2gtk is still excluded from normal security
support and therefore the Debian Security Team is unwilling to accept
webkit2gtk updates via stretch-security to avoid confusing our users.

webkit2gtk 2.16.6 was released 2 weeks ago which is plenty of time for
any regressions to be identified. I am unaware of any regressions with
this update.

News
--------
https://webkitgtk.org/2017/06/20/webkitgtk2.16.4-released.html
https://webkitgtk.org/2017/06/27/webkitgtk2.16.5-released.html
https://webkitgtk.org/2017/07/24/webkitgtk2.16.6-released.html

Security Trackers
--------------------------
This update will fix all current stretch vulnerabilities listed at
https://security-tracker.debian.org/tracker/source-package/webkit2gtk

https://webkitgtk.org/security/WSA-2017-0005.html
https://webkitgtk.org/security/WSA-2017-0006.html

https://usn.ubuntu.com/usn/usn-3376-1/

Detailed Commit Log and Diff
------------------------------------------
https://trac.webkit.org/log/webkit/releases/WebKitGTK/webkit-2.16
from commits 217367-219816

You can view individual commits by clicking the radio buttons next to
the commit and the previous commit then click View Changes.

Or to view the whole set, see
https://trac.webkit.org/changeset?reponame=webkit&new=219817%40releases%2FWebKitGTK%2Fwebkit-2.16&old=217367%40releases%2FWebKitGTK%2Fwebkit-2.16

Or shortlink: https://is.gd/8UGt2U

Builds
--------
webkit2gtk 2.16.6 is available in Debian unstable, testing and
stretch-backports. It has built successfully on all release
architectures. powerpcspe is the only architecture where the new
version doesn't build but the stretch release version did.

Debian Changelog
--------------------------
webkit2gtk (2.16.6-0+deb9u1) stretch; urgency=medium

  * Team upload.
  * New upstream security and bugfix release.
  * Fixes these security issues reported in WSA-2017-0005 and
    WSA-2017-0006:
    + CVE-2017-2538, CVE-2017-7052 (fixed in 2.16.4)
    + CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037,
      CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7055,
      CVE-2017-7056, CVE-2017-7061, CVE-2017-7064 (fixed in 2.16.6).
  * Add debian/patches/fix-ftbfs-m68k.patch:
    + Fix FTBFS in m68k (Closes: #868126).

 -- Jeremy Bicha <jbicha at ubuntu.com>  Mon, 07 Aug 2017 00:35:25 -0400


Debdiff attached.

Thanks,
Jeremy Bicha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: webkit2gtk_2.16.6-0+deb9u1.debdiff
Type: application/octet-stream
Size: 269575 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-webkit-maintainers/attachments/20170807/889c7d47/attachment-0001.obj>

More information about the Pkg-webkit-maintainers mailing list