1 |
On 06/05/2017 07:06 AM, Kent Fredric wrote: |
2 |
> On Mon, 05 Jun 2017 09:11:27 +0200 |
3 |
> Hans de Graaff <graaff@g.o> wrote: |
4 |
> |
5 |
>> # Hans de Graaff <graaff@g.o> (05 Jun 2017) |
6 |
>> # Bundles obsolete and vulnerable webkit version. |
7 |
>> # Upstream has stopped development and recommends using |
8 |
>> # headless mode in >=www-client/chromium-59. |
9 |
>> # Masked for removal in 30 days. Bug #589994. |
10 |
>> www-client/phantomjs |
11 |
> |
12 |
> Can phantomjs be simply masked for a longer period until the development |
13 |
> world has had an opportunity to catch up? |
14 |
> |
15 |
|
16 |
The real reason for the mask is that it bundles an ancient version of |
17 |
qtwebkit with a ton of known security vulnerabilities. Hans was |
18 |
attempting to fix it, but now that upstream is dead, it will remain |
19 |
insecure forever. |