oss-sec mailing list archives
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001
From: John Helmert III <ajak () gentoo org>
Date: Sat, 22 Jan 2022 22:02:46 -0600
In this case the advisory was published the same day as the release, but in general I notice that WebKit security advisories are published sometimes weeks after the releases, often with vague changelog notes like "Fix several crashes and rendering issues.". For example, WSA-2021-0006 was released on October 26th, 2021 noting fixes for 2.32.4, 2.34.0, and 2.34.1, which were released on September 17, September 22, and October 21 respectively. With this big of a gap between releases and security advisories, it seems that users and distributors will be unaware of the necessity of updating due to security fixes, sometimes for weeks after the release. Why not always publish advisories close to new releases?
Current thread:
- WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Carlos Alberto Lopez Perez (Jan 21)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 John Helmert III (Jan 23)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Leo Famulari (Jan 24)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 John Helmert III (Jan 24)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Leo Famulari (Jan 29)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Sam James (Jan 30)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 Leo Famulari (Jan 24)
- Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001 John Helmert III (Jan 23)