On Sat, Oct 11, 2025 at 07:39:44PM +0200, Salvatore Bonaccorso wrote: > > So we would only need to apply this patch to prevent a regression > > in Evolution before updating WebKitGTK, is that right? > > > > https://salsa.debian.org/gnome-team/evolution/-/blob/debian/3.56.2-4/debian/patches/I-3124-JavaScript-Correct-dictionary-objects-creation-Web.patch > > > > It seems like a harmless change to me, but as I said none of the > > open WebKitGTK CVEs seem so critical, so if you want to wait until > > the next point release it's fine with me (there is of course the > > possibility that new CVEs appear in the next few weeks). > > or alternatively if more pressing evolution might be released > earlier via a SUA (https://lists.debian.org/debian-stable-announce/) > once it is in the proposed-updaes quueues and accepted byt he stable > managers.
So far this is not urgent, I just uploaded WebKitGTK 2.50.1 but it comes with no additional security fixes as far as I'm aware. > > Do security updates expect that users are running the most recent > > point release? > configurations where only the security archive is configured is not > really something users should do, as security updates and other > bugfix updates are released via point releases. Yes, that's what I meant, thanks! Berto
