On Tue, 16 Jan 2018 15:58:11 +0100 Kristian Fiskerstrand <k...@gentoo.org> wrote:
> On 01/16/2018 03:45 PM, Aaron W. Swenson wrote: > > Given the situation, we have a choice: Remove GnuCash altogether, or > > press ahead with recommending a version upstream considers > > unstable. > > Or 3, discuss with upstream to see if they can release an updated > version as stable branch. 4. Mask the vulnerable webkit-gtk. This way: A. User is informed. B. Manual action is required to continue using such package. I see this as the most obvious choice considering that I am still unable to find any possible attack vector against GnuCash. If it is me and only me who enters data. Webkit reports are generated from those data. How can anyone hack me through GnuCash? In general, many times users use applications in a way that vulnerabilities does not apply to their use cases. I would prefer to be informed and allowed to continue using such application as a part of the distro. Robert -- Róbert Čerňanský E-mail: ope...@tightmail.com Jabber: h...@jabber.sk