El 16/08/24 a las 18:03, Alberto Garcia escribió: > On Thu, Aug 15, 2024 at 02:32:42PM -0300, Santiago Ruano Rincón wrote: > > > > Alberto, does the following change matches your thoughts? > > > > diff --git a/security-support-limited.deb11 b/security-support-limited.deb11 > > index 7f5a45e..bac9734 100644 > > --- a/security-support-limited.deb11 > > +++ b/security-support-limited.deb11 > > @@ -30,4 +30,5 @@ qtwebkit-opensource-src No security support upstream and > > backports not feasible, > > samba Only non-AD Domain Controller use cases are supported. See > > https://lists.debian.org/debian-security-announce/2023/msg00169.html > > sql-ledger Only supported behind an authenticated HTTP zone > > tiles Only supported for building packages, #1057343 > > +wpewebkit Updates are done by full version backports that could > > break the APIs. #1035997 > > zoneminder See README.Debian.security, only supported behind an > > authenticated HTTP zone, #922724 > > Hi, I think that backporting the latest versions of wpewebkit to > bullseye is no longer a feasible option. > > The last available version is 2.38.6-1~deb11u1 and we probably won't > have more.
Hi, and thanks for the feedback.
FTR, the current wpewebkit's CVE notes are also clear about it:
[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be
sensibly backported)
I have missed looking into them.
I have updated
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/29
accordingly.
Cheers,
-- S
signature.asc
Description: PGP signature
