Bug#1104054: CVE-2025-46421 tests backporting
Simon McVittie
smcv at debian.org
Mon May 19 15:27:28 BST 2025
On Mon, 19 May 2025 at 12:20:21 +0000, Andreas Henriksson wrote:
>In general since libsoup2.4 has been abandoned for many years, I'm
>completely fine with doing whatever that keeps it afloat in the already
>shipped releases until we can hopefully completely remove it in forky.
We have been aiming to remove it since at least 2023
(see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056125) and I'm
intending to raise the severity of the bugs listed in
https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=pkg-gnome-maintainers%40lists.alioth.debian.org&tag=libsoup2
to RC as soon as trixie is out.
This is one of several former GNOME libraries that is dead upstream and
should be removed from Debian, but cannot be removed because it still
has rdeps. If someone in the LTS team has time available for
preemptively reducing the support cost of old libraries that are dead
upstream in future LTS releases, any progress towards reducing the
length of
https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=pkg-gnome-maintainers%40lists.alioth.debian.org&tag=oldlibs
would be very welcome.
smcv
More information about the pkg-gnome-maintainers
mailing list