FFe: Sync libsoup2.4 2.60.0-1 (main) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libsoup2.4 (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Please sync libsoup2.4 2.60.0-1 (main) from Debian unstable (main)
Explanation of FeatureFreeze exception:
libsoup follows the GNOME release cycle and we're shipping the rest of GNOME 3.26.
Also, libsoup is a security sensitive package. (And 2.59.90.1 fixes CVE-2017-2885). I think it's (slightly) easier for the Security Team to backport security fixes for newer releases.
https:/
https:/
Changelog entries since current artful version 2.56.1-1:
libsoup2.4 (2.60.0-1) unstable; urgency=medium
* New upstream translations release
-- Jeremy Bicha <email address hidden> Tue, 12 Sep 2017 11:03:12 -0400
libsoup2.4 (2.59.90.1-1) unstable; urgency=medium
* New upstream release
* Drop all patches, applied in new release
* debian/
* debian/control.in:
- Build-depend on apache2 and php-xmlrpc for build tests
* Bump Standards-Version to 4.1.0
-- Jeremy Bicha <email address hidden> Wed, 30 Aug 2017 20:59:56 -0400
CVE References
Changed in libsoup2.4 (Ubuntu): | |
importance: | Undecided → Wishlist |
tags: | added: artful upgrade-software-version |
Changed in libsoup2.4 (Ubuntu): | |
status: | New → Fix Released |
On Thu, Sep 14, 2017 at 08:53:02AM -0000, Launchpad Bug Tracker wrote: /git.gnome. org/browse/ libsoup/ tree/NEWS /git.gnome. org/browse/ libsoup/ log/
> You have been subscribed to a public bug by Jeremy Bicha (jbicha):
>
> Please sync libsoup2.4 2.60.0-1 (main) from Debian unstable (main)
>
> Explanation of FeatureFreeze exception:
>
> libsoup follows the GNOME release cycle and we're shipping the rest of
> GNOME 3.26.
>
> Also, libsoup is a security sensitive package. (And 2.59.90.1 fixes
> CVE-2017-2885). I think it's (slightly) easier for the Security Team to
> backport security fixes for newer releases.
>
> https:/
>
> https:/
I'm reasonably in favour of this - and it seems from NEWS that the new
feature you're requesting an exception for is new API which in itself is
not a risky new feature.
But, since you've asked... this is a fairly core package on the desktop;
how much have you tested it? Seems there's at least one regression
mentioned in the intermediate releases.
Cheers,
--
Iain Lane [ <email address hidden> ]
Debian Developer [ <email address hidden> ]
Ubuntu Developer [ <email address hidden> ]