qtwebkit: Mark known vulnerable

The browser engine is based off an old Webkit version, receives no
security backports, does no releases.

The WebKitGTK people have counted over 500 CVEs they fixed since 2016.

Adding known vulnerable to make people aware they're using a browser
engine that is not up to today's standards and could very likely be
easily compromised.

Projects are recommended to migrate to qtwebengine instead.

https://blogs.gnome.org/mcatanzaro/2017/02/08/an-update-on-webkit-security-updates/
https://github.com/qutebrowser/qutebrowser/issues/4039#issue-338246939
https://blogs.gnome.org/mcatanzaro/2022/11/04/stop-using-qtwebkit/
Martin Weinelt 2022-11-13 14:31:55 +01:00
parent 890b241276
commit a505704e8f
No known key found for this signature in database
GPG key ID: 87C1E9888F856759

@ -69,5 +69,8 @@ qtModule {
meta = {
maintainers = with lib.maintainers; [ abbradar periklis ];
knownVulnerabilities = [
"QtWebkit upstream is unmaintained and receives no security updates, see https://blogs.gnome.org/mcatanzaro/2022/11/04/stop-using-qtwebkit/"
];
};
}
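
Review bot: The string added to knownVulnerabilities in meta states that upstream is unmaintained and links the blog post, but it leaves out the migration advice from the commit message. This string is what a user sees when the package is refused as insecure, so it should be actionable without following the link; consider appending something like "Projects should migrate to qtwebengine." Minor style point in the same string: upstream spells the project "QtWebKit", while the string uses "QtWebkit".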