Just for information / completeness:
That security vulnerability only applies when using libsoup to run a publicly accessible HTTP server, with authentication enabled, and specifically if using the Digest Auth method rather than OAuth or other methods.
This is not a realistic scenario for most consumers of this package as gaming dependency.
It is, in practice, irrelevant and perfectly safe to install for 99.99% of people, and the 0.01% for whom it matters only need to know not to use Digest Auth until it is fixed.
The approach you took of removing the meta packages and just manually installing what you want is perfectly fine though.