Audit applications using WebKit ports in Tails

https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/

This blog post points out that the versions of WebKit bundled in popular Linux GUI libraries (QtWebKit and WebKitGTK) are often seriously behind in terms of receiving security fixes from upstream. It is good that Tails uses IceWeasel as the default browser, because it would be the most serious concern and fortunately it is not affected. However, there are a number of other applications that do use WebKitGTK, some of which may be included in Tails. Here’s an incomplete list from the blog post:

GIMP, Liferea (edited list to remove software that Tails doesn’t ship)

It would be good to audit Tails’ use of these programs (and any other programs that might use out-of-date WebKit) and evaluate whether this could lead to security vulnerabilities for Tails users.

Subtasks

#16313 (closed)

Related issues

Related to #14508
Blocked by #15776 (closed)

Original created by @garrettr on 11051 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information