Hi, This mail is in regards to WSA-2015-0002: http://webkitgtk.org/security /WSA-2015-0002.html In short, we have by my count: * Zero CVEs affecting the webkitgtk4 package in F23 * 40 CVEs affecting the webkitgtk4 package in F22 * 129 CVEs affecting the webkitgtk and webkitgtk3 packages in F22/F23 The vast majority of these issues allow for "remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." My proposal is to update webkitgtk4 in F22 from 2.8.5 to 2.10.4 and hope that not much breaks. This is probably relatively safe, since 2.10.4 has been in F23 for a while, I'm not aware of any issues related to the upgrade, and it's API/ABI compatible. 2.8 -> 2.10 is a major upgrade encompassing six months of development on WebKit trunk (from February to August 2015). This means there will inevitably be regressions. Normally I don't advocate large version updates for stable Fedora releases, but web engines are special in that it's the only practical way to provide security support. We can't backport 40 patches to F22, so if we don't do this update, we should instead announce that security support for webkitgtk4 is provided only to the latest Fedora release. Certainly it's not practical to provide security support for the webkitgtk or webkitgtk3 packages going forward. We can either remove them from the distro at some flag date (F25 branch point?), or ignore the problem like we do for qtwebkit. Probably the later is a better approach, since there is a lot that still depends on these packages. 'reqoquery --whatrequires webkitgtk' says: atril-0:1.10.2-1.fc23.x86_64 atril-0:1.12.1-1.fc23.x86_64 atril-libs-0:1.10.2-1.fc23.i686 atril-libs-0:1.10.2-1.fc23.x86_64 atril-libs-0:1.12.1-1.fc23.i686 atril-libs-0:1.12.1-1.fc23.x86_64 banshee-0:2.6.2-12.fc23.x86_64 claws-mail-plugins-fancy-0:3.12.0-1.fc23.x86_64 compat-wxGTK3-gtk2-0:3.0.2-5.1.fc23.i686 compat-wxGTK3-gtk2-0:3.0.2-5.1.fc23.x86_64 compat-wxGTK3-gtk2-0:3.0.2-6.fc23.i686 compat-wxGTK3-gtk2-0:3.0.2-6.fc23.x86_64 eclipse-swt-1:4.5.1-1.fc23.x86_64 eclipse-swt-1:4.5.1-6.fc23.x86_64 geany-plugins-devhelp-0:1.24-6.fc23.x86_64 geany-plugins-devhelp-0:1.25-4.fc23.x86_64 geany-plugins-markdown-0:1.24-6.fc23.x86_64 geany-plugins-markdown-0:1.25-4.fc23.x86_64 geany-plugins-webhelper-0:1.24-6.fc23.x86_64 geany-plugins-webhelper-0:1.25-4.fc23.x86_64 ghc-webkit-0:0.13.1.3-1.fc23.x86_64 gimp-2:2.8.14-3.fc23.x86_64 gimp-2:2.8.16-1.fc23.x86_64 gimp-help-browser-2:2.8.14-3.fc23.x86_64 gimp-help-browser-2:2.8.16-1.fc23.x86_64 gmpc-0:11.8.16-9.fc23.x86_64 gnucash-0:2.6.9-1.fc23.x86_64 gphpedit-0:0.9.98-0.10.RC1.fc23.x86_64 guitarix-0:0.34.0-1.fc23.x86_64 gyachi-0:1.2.11-13.fc23.x86_64 jumanji-0:0-5.20111209git963b309.fc23.x86_64 kazehakase-webkit-0:0.5.8-19.svn3873_trunk.fc23.x86_64 lekhonee-gnome-0:0.12-8.fc23.x86_64 midori-0:0.5.10-2.fc23.i686 midori-0:0.5.10-2.fc23.x86_64 midori-0:0.5.11-1.fc23.i686 midori-0:0.5.11-1.fc23.x86_64 osmo-0:0.2.12-0.8.svn924.fc23.1.x86_64 perl-Gtk2-WebKit-0:0.09-13.fc23.x86_64 pywebkitgtk-0:1.1.8-10.fc23.x86_64 surf-0:0.6-5.fc23.x86_64 techne-0:0.2.3-15.fc23.x86_64 webkit-sharp-0:0.3-16.fc23.x86_64 webkitgtk-devel-0:2.4.9-3.fc23.i686 webkitgtk-devel-0:2.4.9-3.fc23.x86_64 webkitgtk-doc-0:2.4.9-3.fc23.noarch xiphos-gtk2-0:4.0.3-1.fc23.x86_64 xiphos-gtk2-0:4.0.4-1.fc23.x86_64 'reqoquery --whatrequires webkitgtk3' balsa-0:2.5.2-2.fc23.x86_64 bijiben-0:3.18.1-1.fc23.x86_64 bijiben-0:3.18.2-1.fc23.x86_64 cairo-dock-plug-ins-webkit-0:3.4.1-4.fc23.x86_64 dwb-0:2014.03.07-4.fc22.x86_64 empathy-0:3.12.11-1.fc23.x86_64 evolution-0:3.18.1-1.fc23.i686 evolution-0:3.18.1-1.fc23.x86_64 evolution-0:3.18.3-1.fc23.i686 evolution-0:3.18.3-1.fc23.x86_64 evolution-bogofilter-0:3.18.1-1.fc23.x86_64 evolution-bogofilter-0:3.18.3-1.fc23.x86_64 evolution-ews-0:3.18.1-1.fc23.x86_64 evolution-ews-0:3.18.3-1.fc23.x86_64 evolution-mapi-0:3.18.0-1.fc23.i686 evolution-mapi-0:3.18.0-1.fc23.x86_64 evolution-mapi-0:3.18.3-1.fc23.i686 evolution-mapi-0:3.18.3-1.fc23.x86_64 evolution-pst-0:3.18.1-1.fc23.x86_64 evolution-pst-0:3.18.3-1.fc23.x86_64 evolution-rss-1:0.3.95-4.fc23.x86_64 evolution-spamassassin-0:3.18.1-1.fc23.x86_64 evolution-spamassassin-0:3.18.3-1.fc23.x86_64 geary-0:0.10.0-3.fc23.x86_64 gnome-web-photo-0:0.10.5-8.fc23.x86_64 gphotoframe-0:2.0.2-1.hg2084299dffb6.fc23.1.noarch libproxy-webkitgtk3-0:0.4.11-12.fc23.x86_64 liferea-1:1.10.16-1.fc23.x86_64 liferea-1:1.10.17-1.fc23.x86_64 nemo-preview-0:2.6.x-5.fc23.x86_64 nemo-preview-0:2.8.x-2.fc23.x86_64 nuvolaplayer-0:2.5-1.fc22.x86_64 rhythmbox-0:3.2.1-3.fc23.i686 rhythmbox-0:3.2.1-3.fc23.x86_64 rhythmbox-lirc-0:3.2.1-3.fc23.x86_64 rubygem-webkit-gtk-0:3.0.5-1.fc23.noarch rubygem-webkit-gtk-0:3.0.7-1.fc23.noarch seed-0:3.8.1-6.fc23.i686 seed-0:3.8.1-6.fc23.x86_64 shotwell-0:0.22.0-5.fc23.x86_64 sugar-browse-0:157.2-1.fc23.noarch uzbl-core-0:0-0.38.20120514git228bc38cbd.fc23.x86_64 vfrnav-0:20150429-1.fc23.i686 vfrnav-0:20150429-1.fc23.x86_64 webkitgtk3-devel-0:2.4.9-3.fc23.i686 webkitgtk3-devel-0:2.4.9-3.fc23.x86_64 webkitgtk3-doc-0:2.4.9-3.fc23.noarch wxGTK3-0:3.0.2-8.fc23.i686 wxGTK3-0:3.0.2-8.fc23.x86_64 wxGTK3-0:3.0.2-11.fc23.i686 wxGTK3-0:3.0.2-11.fc23.x86_64 xiphos-gtk3-0:4.0.3-1.fc23.x86_64 xiphos-gtk3-0:4.0.4-1.fc23.x86_64 yelp-2:3.17.2-3.fc23.x86_64 yelp-libs-2:3.17.2-3.fc23.i686 yelp-libs-2:3.17.2-3.fc23.x86_64 Michael