Re: Review libsoup2.4 for bullseye
On Sat, Apr 26, 2025 at 06:35:19PM +0200, Andreas Henriksson wrote:
> Hello again,
Hi Andreas,
>...
> The most interesting finding is what I already spotted last time, that
> the Debian security-tracker links fixing commits that are sometimes not merged
> and in for example CVE-2025-32049 it's just introducing an option with
> the default set to same as before -- so not fixing anything.
> https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408#note_2394070
>...
These notes were added by a member of the security team when adding the
package names to a new CVE:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/638cc17a34946acc43253835e46eff52195eb5ee
You are likely the first person in Debian to look closer at this CVE,
and you should add your observation to the CVE as a NOTE.
> Regards,
> Andreas Henriksson
cu
Adrian