On Mon, 2017-01-23 at 07:35 -0600, Michael Catanzaro wrote:
This is a reminder that the webkitgtk and webkitgtk3 packages will be
retired from rawhide shortly after F26 is branched from rawhide. This
is due to numerous security issues affecting those packages (I just
counted 204 CVEs), many of which could allow remote code execution.
Bugs have already been filed against all directly-affected packages
Note: to count the vulnerabilities, I just manually added up the CVEs
listed at , ignoring the oldest advisory WSA-2015-0001, and
discounting five of the older vulnerabilities in WSA-2015-0002.
It seems that nothing has been set to obsolete these packages. This is
breaking upgrade from Fedora 24 to Fedora 27 (without --allow-erasing),
since webkitgtk3 is installed by default in many Fedora 24 package
sets, and is built against a libicu version that is no longer in
Can someone please do something about this? Thanks.
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net