Bug 29326 - QtWebkit and dependencies (like wkhtmltopdf) should be dropped
Summary: QtWebkit and dependencies (like wkhtmltopdf) should be dropped
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: release_blocker major
Target Milestone: Mageia 9
Assignee: KDE maintainers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-08-04 19:50 CEST by David Walser
Modified: 2021-08-04 19:50 CEST

See Also:
Source RPM: qtwebkit-2.3.4-15.mga8.src.rpm, qtwebkit5-5.212.0-1.alpha4.8.mga9.src.rpm, qtwebkit5-examples-and-demos-5.9.0-5.mga8.src.rpm, wkhtmltopdf-0.12.5-4.mga8.src.rpm
CVE:
Status comment:



Description David Walser 2021-08-04 19:50:08 CEST
As this oss-security post reminds us, QtWebkit is unmaintained and full of known security vulnerabilities:
https://www.openwall.com/lists/oss-security/2021/08/04/1

They mention that wkhtmltopdf is particularly problematic, and that it has alternatives (such as weasyprint and puppeteer) available.

We should drop and/or replace all of this stuff before Mageia 9.
David Walser 2021-08-04 19:50:22 CEST

Priority: Normal => release_blocker
Target Milestone: --- => Mageia 9

