- Package:
- src:malcontent
- Source:
- src:malcontent
- Submitter:
- Simon McVittie
- Date:
- 2026-05-27 07:01:02 UTC
- Severity:
- normal
- Tags:
I noticed while looking at GNOME Shell 50 updates that malcontent 0.14.0
is an optional dependency, for the new screen-time tracking feature. We
don't have this version in Debian yet, so that Shell feature will be
disabled until we do.
(I don't use parental controls myself, so I am unlikely to update this
package.)
Thanks,
smcv
Hi, I first learned about CVE-2026-44931 today. If we uploaded malcontent 0.14.0 to unstable, would it be a RC issue from the perspective of the Debian Security Team? https://security-tracker.debian.org/tracker/CVE-2026-44931 Thank you, Jeremy Bícha
Hi Jeremy, Maybenot RC, but if there is not a reason to introduce a a known issue, is there a reason you need o rebase on 0.14.0? Can we keep it at the version it is now to not get the issue into forky and see if a solution appears upstream? Regards, Salvatore
We patch gnome-control-center to keep using malcontent 0.13. This is fine for now, but eventually we will want the newer version. I haven't tested malcontent 0.14 but the NEWS suggests that it has new features that may make the parental controls more effective. (My somewhat harsh review is that malcontent 0.13 isn't very effective so I appreciate improvement.) https://salsa.debian.org/gnome-team/gnome-control-center/-/blob/debian/latest/debian/patches/debian/Revert-wellbeing-Synchronize-settings-with-malcontent.patch https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/main/NEWS Thank you, Jeremy Bícha
Hi Jeremy, mangled by having it rewriten my answer. But it looks you still got my point. How about then keeping the situation as long it is either affordable for you, or alternatively update to 0.14.0 but open a RC bug level for the CVE, so it is clear that it is desirable to have it fixed for forky. Upstream has explained the difficulties in: https://gitlab.freedesktop.org/pwithnall/malcontent/-/work_items/137 So maybe raising the flag as rc level in Debian could motivate someone into helping upstream in developing a fix? Regards, Salvatore