[ubuntu/plucky-proposed] libsoup2.4 2.74.3-8ubuntu1 (Accepted)
Bruce Cable
bruce.cable at canonical.com
Wed Nov 27 01:50:16 UTC 2024
libsoup2.4 (2.74.3-8ubuntu1) plucky; urgency=medium
* SECURITY UPDATE: Request smuggling
- debian/patches/CVE-2024-52530.patch: Strictly don't allow NUL
bytes in headers
- CVE-2024-52530
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2024-52531-1.patch: Be more robust against
invalid input when parsing params
- debian/patches/CVE-2024-52531-2.patch: Add test for passing
invalid UTF-8 to soup_header_parse_semi_param_list()
- CVE-2024-52531
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2024-52532-1.patch: process the frame as soon
as data is read
- debian/patches/CVE-2024-52532-2.patch: disconnect error copy
after the test ends
- CVE-2024-52532
Date: Tue, 19 Nov 2024 09:24:54 +1100
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.3-8ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 19 Nov 2024 09:24:54 +1100
Source: libsoup2.4
Built-For-Profiles: noudeb
Architecture: source
Version: 2.74.3-8ubuntu1
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Changes:
libsoup2.4 (2.74.3-8ubuntu1) plucky; urgency=medium
.
* SECURITY UPDATE: Request smuggling
- debian/patches/CVE-2024-52530.patch: Strictly don't allow NUL
bytes in headers
- CVE-2024-52530
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2024-52531-1.patch: Be more robust against
invalid input when parsing params
- debian/patches/CVE-2024-52531-2.patch: Add test for passing
invalid UTF-8 to soup_header_parse_semi_param_list()
- CVE-2024-52531
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2024-52532-1.patch: process the frame as soon
as data is read
- debian/patches/CVE-2024-52532-2.patch: disconnect error copy
after the test ends
- CVE-2024-52532
Checksums-Sha1:
0178fa366d2db7a82cf8406a79d2e26462cfa02c 3169 libsoup2.4_2.74.3-8ubuntu1.dsc
d199dc57f0b1cc724dc5658ed47b738b962d82e4 30944 libsoup2.4_2.74.3-8ubuntu1.debian.tar.xz
196fa0cbdbfada847144ef8f5779f363d0f50b96 15130 libsoup2.4_2.74.3-8ubuntu1_source.buildinfo
Checksums-Sha256:
58179b4d2a15be1a473c29a6cabfb0e0edda131398c8a1b9b9397bf170974337 3169 libsoup2.4_2.74.3-8ubuntu1.dsc
f404ae23cda858b88a7de521dcb00c2c78419973d9148f65de3e8b4a1bfdf9c2 30944 libsoup2.4_2.74.3-8ubuntu1.debian.tar.xz
f3f0bfc2a445a493f839dfccdf583bdbabd74b123b669f320246380988f7cd61 15130 libsoup2.4_2.74.3-8ubuntu1_source.buildinfo
Files:
1d4ea5f01f5c4f314c1e9522bd471688 3169 oldlibs optional libsoup2.4_2.74.3-8ubuntu1.dsc
098f2f1bd3b25eb3ee5012b177a1c009 30944 oldlibs optional libsoup2.4_2.74.3-8ubuntu1.debian.tar.xz
b447d0afc9fcefd314d851c8ff12beb9 15130 oldlibs optional libsoup2.4_2.74.3-8ubuntu1_source.buildinfo
Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
More information about the plucky-changes
mailing list