On Mon, 2017-01-23 at 07:35 -0600, Michael Catanzaro wrote: > Hi, > > This is a reminder that the webkitgtk and webkitgtk3 packages will be > retired from rawhide shortly after F26 is branched from rawhide. This > is due to numerous security issues affecting those packages (I just > counted 204 CVEs), many of which could allow remote code execution. > Bugs have already been filed against all directly-affected packages > [1]. > > Note: to count the vulnerabilities, I just manually added up the CVEs > listed at [2], ignoring the oldest advisory WSA-2015-0001, and > discounting five of the older vulnerabilities in WSA-2015-0002. It seems that nothing has been set to obsolete these packages. This is breaking upgrade from Fedora 24 to Fedora 27 (without --allow-erasing), since webkitgtk3 is installed by default in many Fedora 24 package sets, and is built against a libicu version that is no longer in Rawhide: https://openqa.fedoraproject.org/tests/82613#step/upgrade_run/9 Can someone please do something about this? Thanks. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
