Bug#1036312: Unfixed memory leaks in gnome-software in Bookworm

Simon McVittie smcv at debian.org
Sat May 27 21:41:38 BST 2023


Control: tags -1 + moreinfo

On Fri, 19 May 2023 at 07:43:15 +0000, Albrecht Schwenke wrote:
> In Gnome Software 43.4 there are several unfixed memory leaks, which were
> fixed in gnome-software 43.5:
> https://gitlab.gnome.org/GNOME/gnome-software/-/blob/gnome-43/NEWS

Upgrading to gnome-software 43.5 can potentially happen as a bookworm
update, but we'll need enough information to be able to give the release
team the context they need. Are these memory leaks sufficiently large to
be measurable during normal use, or do you only know about them because
they were mentioned in NEWS? Is there a way to cause the memory leaks to
become more visible, perhaps by doing some action in the UI repeatedly?

I've uploaded a prerelease version of an updated gnome-software (among
other packages) to: <https://people.debian.org/~smcv/12.1/>
If possible, please check whether that version resolves this.

> It would be nice if these security fixes could be applied to the gnome-software
> package in Debian.

Is there a reason why you describe these as security fixes? My assumption
from that NEWS entry would have been that gnome-software's memory
use grows over time, but most likely not at a sufficient rate to be
immediately problematic, and most likely not in a way that an attacker
can trigger in order to cause denial of service. If that's the case, then
they aren't a security vulnerability, just an ordinary bug.

(If you believe these leaks are a security vulnerability for reasons that
are not known to the public, then please contact security at debian.org
privately, and do not reply to this bug address until the relevant
information becomes public.)

Thanks,
    smcv


