From rstrode@redhat.com Mon Aug 13 17:36:53 2018
From: Ray Strode
Date: Mon, 13 Aug 2018 13:36:37 -0400
Subject: GDM CVE-2018-14424
To: distributor-list

Distributions may want to upgrade to GDM 3.28.3 as it fixes a double-free bug.
See https://gitlab.gnome.org/GNOME/gdm/issues/401 for more details.

From matthias.clasen@gmail.com Mon Aug 20 14:06:15 2018
From: Matthias Clasen
Date: Mon, 20 Aug 2018 10:05:58 -0400
Subject: A critical pango fix
To: distributor-list@gnome.org

I've just pushed a fix to pango:
https://gitlab.gnome.org/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f

This prevents an assertion which can be triggered by invalid Unicode sequences.

I'll be doing a release with this fix shortly, but since this can crash apps like hexchat
or gnome-terminal, it is a good idea to get the patch out as soon as possible.

This affects all versions of Pango since color Emoji support was introduced in 1.40.8.

Matthias

From mcatanzaro@igalia.com Wed Aug 8 02:00:43 2018
From: Michael Catanzaro
Date: Wed, 08 Aug 2018 02:00:43 -0000
X-Original-Date: Tue, 07 Aug 2018 21:00:19 -0500
Subject: WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006
To: webkit-gtk@lists.webkit.org, webkit-wpe@lists.webkit.org
Cc: security@webkit.org, distributor-list@gnome.org,
    oss-security@lists.openwall.com, bugtraq@securityfocus.com
Message-Id: <1533693619.3820.0@mail.igalia.com>

------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory                WSA-2018-0006
------------------------------------------------------------------------

Date reported           : August 07, 2018
Advisory ID             : WSA-2018-0006
WebKitGTK+ Advisory URL : https://webkitgtk.org/security/WSA-2018-0006.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2018-0006.html
CVE identifiers         : CVE-2018-4246, CVE-2018-4261, CVE-2018-4262,
                          CVE-2018-4263, CVE-2018-4264, CVE-2018-4265,
                          CVE-2018-4266, CVE-2018-4267, CVE-2018-4270,
                          CVE-2018-4271, CVE-2018-4272, CVE-2018-4273,
                          CVE-2018-4278, CVE-2018-4284, CVE-2018-12911.

Several vulnerabilities were discovered in WebKitGTK+ and WPE WebKit.

CVE-2018-4246
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.1.
    Credit to OSS-Fuzz.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. A type confusion issue was addressed with improved
    memory handling.

CVE-2018-4261
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.2.
    Credit to Omair working with Trend Micro's Zero Day Initiative.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. A memory corruption issue was addressed with
    improved memory handling.

CVE-2018-4262
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.2.
    Credit to Mateusz Krzywicki working with Trend Micro's Zero Day
    Initiative.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. A memory corruption issue was addressed with
    improved memory handling.

CVE-2018-4263
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.2.
    Credit to Arayz working with Trend Micro's Zero Day Initiative.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. A memory corruption issue was addressed with
    improved memory handling.

CVE-2018-4264
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.2.
    Credit to OSS-Fuzz, Yu Zhou and Jundong Xie of Ant-financial
    Light-Year Security Lab.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. A memory corruption issue was addressed with
    improved memory handling.

CVE-2018-4265
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.2.
    Credit to cc working with Trend Micro's Zero Day Initiative.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. A memory corruption issue was addressed with
    improved memory handling.

CVE-2018-4266
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.2.
    Credit to OSS-Fuzz.
    A malicious website may be able to cause a denial of service. A race
    condition was addressed with additional validation.

CVE-2018-4267
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.2.
    Credit to Arayz of Pangu team working with Trend Micro's Zero Day
    Initiative.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. A memory corruption issue was addressed with
    improved memory handling.

CVE-2018-4270
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.2.
    Credit to OSS-Fuzz.
    Processing maliciously crafted web content may lead to an unexpected
    application crash. A memory corruption issue was addressed with
    improved memory handling.

CVE-2018-4271
    Versions affected: WebKitGTK+ before 2.20.2.
    Credit to OSS-Fuzz.
    Processing maliciously crafted web content may lead to an unexpected
    application crash. A memory corruption issue was addressed with
    improved input validation.

CVE-2018-4272
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.2.
    Credit to OSS-Fuzz.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. A memory corruption issue was addressed with
    improved memory handling.

CVE-2018-4273
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.2.
    Credit to OSS-Fuzz.
    Processing maliciously crafted web content may lead to an unexpected
    application crash. A memory corruption issue was addressed with
    improved input validation.

CVE-2018-4278
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.2.
    Credit to Jun Kokatsu (@shhnjk).
    A malicious website may exfiltrate audio data cross-origin. Sound
    fetched through audio elements may be exfiltrated cross-origin. This
    issue was addressed with improved audio taint tracking.

CVE-2018-4284
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.2.
    Credit to OSS-Fuzz.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. A type confusion issue was addressed with improved
    memory handling.

CVE-2018-12911
    Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
    2.20.2.
    Credit to Yu Haiwan.
    Processing maliciously crafted web content may lead to arbitrary
    code execution. A buffer overflow issue was addressed with improved
    memory handling.

We recommend updating to the latest stable versions of WebKitGTK+ and
WPE WebKit. It is the best way to ensure that you are running safe
versions of WebKit. Please check our websites for information about the
latest stable releases.

Further information about WebKitGTK+ and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.

The WebKitGTK+ and WPE WebKit team,
August 07, 2018

From csaavedra@igalia.com Fri Aug 10 09:08:51 2018
From: Claudio Saavedra
Date: Fri, 10 Aug 2018 09:08:51 -0000
X-Original-Date: Fri, 10 Aug 2018 12:08:31 +0300
Subject: libsoup 2.62.3
To: distributor-list@gnome.org
Organization: Igalia

Hi,

I just released libsoup 2.62.3. This release contains a fix for an issue
in the soup-tld implementation that would affect cookies (see
https://gitlab.gnome.org/GNOME/libsoup/issues/5 for details). There are
other important fixes, so I would advise distributions to upgrade.

Issue #5 doesn't affect master or the current development releases of
libsoup, but backporting f7fb41 might be advisable for distributions
shipping older releases.

Claudio