[Git][security-tracker-team/security-tracker][master] Unclaim libsoup2.4 with note

Sean Whitton (@spwhitton) spwhitton at debian.org
Tue May 20 11:06:41 BST 2025 


Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ab63aa1 by Sean Whitton at 2025-05-20T11:06:39+01:00
Unclaim libsoup2.4 with note

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -176,7 +176,7 @@ libreoffice (dleidert)
   NOTE: 20250427: New CVE to fix CVE-2025-2866 (rouca/FD)
   NOTE: 20250519: Tests in progress (dleidert)
 --
-libsoup2.4 (Sean Whitton)
+libsoup2.4
   NOTE: 20250408: Added by Front-Desk (Beuc)
   NOTE: 20250427: libsoup2.4 2.72.0-2+deb11u2 (bullseye) uploaded ...
   NOTE: 20250427: ... without CVE-2025-32907 and CVE-2025-32049.
@@ -192,6 +192,12 @@ libsoup2.4 (Sean Whitton)
   NOTE: 20250503: else to work on they can take it over.  (spwhitton)
   NOTE: 20250519: Back to work on this now.
   NOTE: 20250519: Asked ah to take a look at CVE-2024-46421.  (spwhitton)
+  NOTE: 20250520: I am stuck on CVE-2024-46421 in sid.  I've backported the
+  NOTE: 20250520: PoC from the reporter, but it doesn't work.  We could just
+  NOTE: 20250520: apply the fix without testing it; that is what Ubuntu have
+  NOTE: 20250520: done.  I think I need someone else's opinion on whether that
+  NOTE: 20250520: seems sensible.  Or maybe someone else will have more luck
+  NOTE: 20250520: than me with getting the backported tests to run.  (spwhitton)
 --
 libstring-compare-constanttime-perl
   NOTE: 20250412: Added by Front-Desk (Beuc)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ab63aa19463bd01a35ebcc9b1d79089dfac47cb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ab63aa19463bd01a35ebcc9b1d79089dfac47cb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250520/09372abe/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list