Bug#1104054: CVE-2025-46421 tests backporting
Sylvain Beucler
beuc at beuc.net
Mon May 19 20:18:09 BST 2025
Hi,
On 19/05/2025 16:27, Simon McVittie wrote:
> On Mon, 19 May 2025 at 12:20:21 +0000, Andreas Henriksson wrote:
>> In general since libsoup2.4 has been abandoned for many years, I'm
>> completely fine with doing whatever that keeps it afloat in the already
>> shipped releases until we can hopefully completely remove it in forky.
>
> We have been aiming to remove it since at least 2023 (see https://
> bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056125) and I'm intending to
> raise the severity of the bugs listed in https://udd.debian.org/cgi-bin/
> bts-usertags.cgi?user=pkg-gnome-
> maintainers%40lists.alioth.debian.org&tag=libsoup2 to RC as soon as
> trixie is out.
>
> This is one of several former GNOME libraries that is dead upstream and
> should be removed from Debian, but cannot be removed because it still
> has rdeps. If someone in the LTS team has time available for
> preemptively reducing the support cost of old libraries that are dead
> upstream in future LTS releases, any progress towards reducing the
> length of https://udd.debian.org/cgi-bin/bts-usertags.cgi?user=pkg-
> gnome-maintainers%40lists.alioth.debian.org&tag=oldlibs would be very
> welcome.
After checking with the LTS Coordinators, this is referenced in the LTS
Extra Tasks :)
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/212
Cheers!
Sylvain Beucler
Debian LTS Team
More information about the pkg-gnome-maintainers
mailing list