Am 07.07.18 01:57 schrieb(en) Jack via balsa-list:
The culprit is commit e6a952e8 Mitigate EFail vulnerability for Webkit2. I have not looked into the commit, as I doubt I'll be able to figure out exactly what caused the problem. Hopefully, it shouldn't be hard to find, assuming I'm pointing at the right commit.
that was my patch to fix a security hole… Basically, the patch disables loading all external content from HTML messages as well as executing embedded Java(script), as it does not only threaten your privacy, but can be used to exploit the EFail vulnerability. On my box (Ubuntu 18.04 LTS) everything works fine. However, there /may/ be differences between webkit versions. Which version do you use? Here it's albrecht@deneb:~$ pkg-config --modversion webkit2gtk-4.0 2.20.3 Best, Albrecht.
Attachment:
pgpx51465tLgg.pgp
Description: PGP signature