Bug#1103515: libsoup2.4: CVE-2025-32911 CVE-2025-32913
Sean Whitton
spwhitton at spwhitton.name
Sat May 17 09:29:56 BST 2025
Hello,
On Wed 14 May 2025 at 11:45am +01, Simon McVittie wrote:
> Please keep the subject line when replying to bug reports: package maintainers
> will often see your email out-of-context among thousands of other messages,
> and it's useful to have an idea of which package you're talking about!
>
> On Wed, 14 May 2025 at 10:02:32 +0000, Naaz, Syeda Shagufta wrote:
>>I noticed that the changelog in the [2] Salsa Debian
>>Bookworm branch does not match the one in the source code for [3] Debian 12
>>Bookworm.
>
> It looks as though Sean Whitton released fixes for some other CVEs but didn't
> update the gnome-team git repository (or perhaps wasn't able to update the
> gnome-team git repository). I've fetched the changes from
> https://salsa.debian.org/lts-team/packages/libsoup and pushed them to the
> gnome-team repository now, so the debian/bookworm branch should be up to date.
>
> Sean, if you can, please push any subsequent work on libsoup2.4 to the
> relevant branches at https://salsa.debian.org/gnome-team/libsoup at the time
> that it's finalized/tagged/uploaded. (If you don't have access, I can add you,
> but I think DDs might have access to gnome-team repositories anyway?)
I do intend to do a proposed update for bookworm for everything fixed in
sid. Syeda, I can review your MR at that point, thank you for
submitting it.
Simon, I have generally been making MRs for my updates but it would seem
that I missed some of them. I would be grateful for gnome-team
membership so that I can be sure to push everything.
--
Sean Whitton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 869 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20250517/2e86bb14/attachment-0001.sig>
More information about the pkg-gnome-maintainers
mailing list