On Sat, Apr 26, 2025 at 06:35:19PM +0200, Andreas Henriksson wrote:
> Hello again,

Hi Andreas,

>...
> The most interesting finding is what I already spotted last time, that
> the debian security-tracker links fixing commits that are sometimes not merged
> and in for example CVE-2025-32049 it's just introducing an option with
> the default set to same as before -- so not fixing anything.
> https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408#note_2394070
>...

These notes were added by a member of the security team when adding
the package names to a new CVE:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/638cc17a34946acc43253835e46eff52195eb5ee

You are likely the first person in Debian to look closer at this CVE,
and you should add your observation to the CVE as a NOTE.

> Regards,
> Andreas Henriksson

cu
Adrian
