[ubuntu/oracular-security] libsoup2.4 2.74.3-7ubuntu0.1 (Accepted)
Bruce Cable
bruce.cable at canonical.com
Wed Nov 27 00:34:59 UTC 2024
libsoup2.4 (2.74.3-7ubuntu0.1) oracular-security; urgency=medium
* SECURITY UPDATE: Request smuggling
- debian/patches/CVE-2024-52530.patch: Strictly don't allow NUL
bytes in headers
- CVE-2024-52530
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2024-52531-1.patch: Be more robust against
invalid input when parsing params
- debian/patches/CVE-2024-52531-2.patch: Add test for passing
invalid UTF-8 to soup_header_parse_semi_param_list()
- CVE-2024-52531
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2024-52532-1.patch: process the frame as soon
as data is read
- debian/patches/CVE-2024-52532-2.patch: disconnect error copy
after the test ends
- CVE-2024-52532
Date: 2024-11-25 02:20:12.151231+00:00
Changed-By: Bruce Cable <bruce.cable at canonical.com>
https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.3-7ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the oracular-changes
mailing list