On Thu, Sep 14, 2017 at 08:53:02AM -0000, Launchpad Bug Tracker wrote: > You have been subscribed to a public bug by Jeremy Bicha (jbicha): > > Please sync libsoup2.4 2.60.0-1 (main) from Debian unstable (main) > > Explanation of FeatureFreeze exception: > > libsoup follows the GNOME release cycle and we're shipping the rest of > GNOME 3.26. > > Also, libsoup is a security sensitive package. (And 2.59.90.1 fixes > CVE-2017-2885). I think it's (slightly) easier for the Security Team to > backport security fixes for newer releases. > > https://git.gnome.org/browse/libsoup/tree/NEWS > > https://git.gnome.org/browse/libsoup/log/
I'm reasonably in favour of this - and it seems from NEWS that the new feature you're requesting an exception for is new API which in itself is not a risky new feature. But, since you've asked... this is a fairly core package on the desktop; how much have you tested it? Seems there's at least one regression mentioned in the intermediate releases. Cheers, -- Iain Lane [ i...@orangesquash.org.uk ] Debian Developer [ la...@debian.org ] Ubuntu Developer [ la...@ubuntu.com ] ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-2885 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libsoup2.4 in Ubuntu. https://bugs.launchpad.net/bugs/1717216 Title: FFe: Sync libsoup2.4 2.60.0-1 (main) from Debian unstable (main) Status in libsoup2.4 package in Ubuntu: New Bug description: Please sync libsoup2.4 2.60.0-1 (main) from Debian unstable (main) Explanation of FeatureFreeze exception: libsoup follows the GNOME release cycle and we're shipping the rest of GNOME 3.26. Also, libsoup is a security sensitive package. (And 2.59.90.1 fixes CVE-2017-2885). I think it's (slightly) easier for the Security Team to backport security fixes for newer releases. https://git.gnome.org/browse/libsoup/tree/NEWS https://git.gnome.org/browse/libsoup/log/ Changelog entries since current artful version 2.56.1-1: libsoup2.4 (2.60.0-1) unstable; urgency=medium * New upstream translations release -- Jeremy Bicha <jbi...@debian.org> Tue, 12 Sep 2017 11:03:12 -0400 libsoup2.4 (2.59.90.1-1) unstable; urgency=medium * New upstream release * Drop all patches, applied in new release * debian/libsoup2.4-1.symbols: Add new symbols * debian/control.in: - Build-depend on apache2 and php-xmlrpc for build tests * Bump Standards-Version to 4.1.0 -- Jeremy Bicha <jbi...@debian.org> Wed, 30 Aug 2017 20:59:56 -0400 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libsoup2.4/+bug/1717216/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
