[Git][security-tracker-team/security-tracker][master] Add new libsoup issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 14 22:19:45 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7dc17873 by Salvatore Bonaccorso at 2025-04-14T23:19:23+02:00
Add new libsoup issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53,17 +53,40 @@ CVE-2025-32913 (A flaw was found in libsoup, where the soup_message_headers_get_
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/422
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0 (3.6.2)
CVE-2025-32912 (A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a N ...)
- TODO: check
+ - libsoup3 3.6.5-1
+ - libsoup2.4 <unfixed>
+ NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/434
+ NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832 (3.6.2)
+ NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/434
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992 (3.6.5)
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f (3.6.5)
CVE-2025-32910 (A flaw was found in libsoup, where soup_auth_digest_authenticate() is ...)
- TODO: check
+ - libsoup3 3.6.4-1
+ - libsoup2.4 <unfixed>
+ NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/432
+ NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832 (3.6.2)
CVE-2025-32909 (A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a ...)
- TODO: check
+ - libsoup3 3.6.4-1
+ - libsoup2.4 <unfixed>
+ NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/431
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92 (3.6.2)
CVE-2025-32908 (A flaw was found in libsoup. The HTTP/2 server in libsoup may not full ...)
- TODO: check
+ - libsoup3 <unfixed>
+ - libsoup2.4 <unfixed>
+ NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/429
CVE-2025-32907 (A flaw was found in libsoup. The implementation of HTTP range requests ...)
- TODO: check
+ - libsoup3 <unfixed>
+ - libsoup2.4 <unfixed>
+ NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
CVE-2025-32906 (A flaw was found in libsoup, where the soup_headers_parse_request() fu ...)
- TODO: check
+ - libsoup3 3.6.5-1
+ - libsoup2.4 <unfixed>
+ NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/404
+ NOTE: Same underlying issue as https://gitlab.gnome.org/GNOME/libsoup/-/issues/407
+ NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/440
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/af5b9a4a3945c52b940d5ac181ef51bb12011f1f (3.6.5)
CVE-2025-2572 (In WhatsUp Gold versions released before 2024.0.3, a database manipu ...)
NOT-FOR-US: Progress Software
CVE-2025-2475 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7dc17873216fbced57e32f4282d8da766a4a4e59
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7dc17873216fbced57e32f4282d8da766a4a4e59
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250414/6053d671/attachment.htm>
More information about the debian-security-tracker-commits
mailing list