Control: tags -1 + moreinfo On Fri, 19 May 2023 at 07:43:15 +0000, Albrecht Schwenke wrote: > In Gnome Software 43.4 there are several unfixed memory leaks, which where > fixed in gnome-software 43.5: > [1]https://gitlab.gnome.org/GNOME/gnome-software/-/blob/gnome-43/NEWS
Upgrading to gnome-software 43.5 can potentially happen as a bookworm update, but we'll need enough information to be able to give the release team the context they need. Are these memory leaks sufficiently large to be measurable during normal use, or do you only know about them because they were mentioned in NEWS? Is there a way to cause the memory leaks to become more visible, perhaps by doing some action in the UI repeatedly? I've uploaded a prerelease version of an updated gnome-software (among other packages) to: <https://people.debian.org/~smcv/12.1/> If possible, please check whether that version resolves this. > It would be nice if these security fixes could be applied to the > gnome-software > package in Debian. Is there a reason why you describe these as security fixes? My assumption from that NEWS entry would have been that gnome-software's memory use grows over time, but most likely not at a sufficient rate to be immediately problematic, and most likely not in a way that an attacker can trigger in order to cause denial of service. If that's the case, then they aren't a security vulnerability, just an ordinary bug. (If you believe these leaks are a security vulnerability for reasons that are not known to the public, then please contact secur...@debian.org privately, and do not reply to this bug address until the relevant information becomes public.) Thanks, smcv
