From ${URL} : gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). Upstream patch: https://gitlab.gnome.org/GNOME/glib/commit/d553d92d6e9f53cbe5a34166fcb919ba652c6a8e Upstream issue: https://gitlab.gnome.org/GNOME/glib/issues/1649 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Sorry, what bump? Is 2.56 or 2.58 even affected when it cites regressions from Happy Eyeballs work, which mostly happened in 2.59
I'd be inclined to close this as INVALID.
Not in the tree and it is in development still.