
Re: Review libsoup2.4 for bullseye



On Sat, Apr 26, 2025 at 06:35:19PM +0200, Andreas Henriksson wrote:
> Hello again,

Hi Andreas,

>...
> The most interesting finding is what I already spotted last time, that
> the debian security-tracker links fixing commits that are sometimes not merged
> and in for example CVE-2025-32049 it's just introducing an option with
> the default set to same as before -- so not fixing anything.
> https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408#note_2394070
>...

These notes were added by a member of the security team when adding the
package names to a new CVE:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/638cc17a34946acc43253835e46eff52195eb5ee

You are likely the first person in Debian to look closer at this CVE,
and you should add your observation to the CVE as a NOTE.

> Regards,
> Andreas Henriksson

cu
Adrian

