| commit | a505704e8f6c136ab015243c2807e39e012217d7 | |
| author | Martin Weinelt <hexa@darmstadt.ccc.de> | |
| Sun, 13 Nov 2022 13:31:55 +0000 (13 14:31 +0100) | ||
| committer | Martin Weinelt <hexa@darmstadt.ccc.de> | |
| Sun, 13 Nov 2022 13:41:26 +0000 (13 14:41 +0100) | ||
| tree | 9229e33a82fb444c5265e1abfdcfcbcfbd1957c2 | treesnapshot (tar.gz zip) |
| parent | 890b241276a25e4e8fb9077b35fd29e50a79c9ad | commitdiff |
qtwebkit: Mark known vulnerable
The browser engine is based off an old Webkit version, receives no
security backports, does no releases.
The WebKitGTK people have counted over 500 CVEs they fixed since 2016.
Adding known vulnerable to make people aware they're using a browser
engine that is not up to todays standards and could very likely be
easily compromised.
Projects are recomended to migrate to qtwebengine instead.
https://blogs.gnome.org/mcatanzaro/2017/02/08/an-update-on-webkit-security-updates/
https://github.com/qutebrowser/qutebrowser/issues/4039#issue-338246939
https://blogs.gnome.org/mcatanzaro/2022/11/04/stop-using-qtwebkit/
The browser engine is based off an old Webkit version, receives no
security backports, does no releases.
The WebKitGTK people have counted over 500 CVEs they fixed since 2016.
Adding known vulnerable to make people aware they're using a browser
engine that is not up to todays standards and could very likely be
easily compromised.
Projects are recomended to migrate to qtwebengine instead.
https://blogs.gnome.org/mcatanzaro/2017/02/08/an-update-on-webkit-security-updates/
https://github.com/qutebrowser/qutebrowser/issues/4039#issue-338246939
https://blogs.gnome.org/mcatanzaro/2022/11/04/stop-using-qtwebkit/
| pkgs/development/libraries/qt-5/modules/qtwebkit.nix | diffblobblamehistory |