<![CDATA[Dev1 Galaxy Forum / luakit and CVE-2023-40476 - or - security in Devuan]]> https://dev1galaxy.org/viewtopic.php?id=6076 Fri, 13 Oct 2023 11:06:49 +0000 FluxBB <![CDATA[luakit and CVE-2023-40476 - or - security in Devuan]]> https://dev1galaxy.org/viewtopic.php?pid=44864#p44864 Hi people,

I stumbled upun a security problem today. Is there a solution for this kind of problem?

I use luakit. CVE-2023-40476 [1] applies to luakit via libwebkit2gtk-4.0-37 . So - I have questions:
- Why does libwebkit2gtk-4.0-37 depend on libgstreamer-plugins-bad1.0-0 - which is explicitly the less-maintained part of gstreamer?
- Do we really want to rely on Debian doing the right thing here?

[1] https://security-tracker.debian.org/tra … 2023-40476

]]> Fri, 13 Oct 2023 11:06:49 +0000 https://dev1galaxy.org/viewtopic.php?pid=44864#p44864