[Git][security-tracker-team/security-tracker][master] CVE-2025-32907 + CVE-2025-32049: Add notes
Andreas Henriksson (@ah)
gitlab at salsa.debian.org
Sun Apr 27 16:24:08 BST 2025
Andreas Henriksson pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4207a429 by Andreas Henriksson at 2025-04-27T17:23:57+02:00
CVE-2025-32907 + CVE-2025-32049: Add notes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3980,6 +3980,8 @@ CVE-2025-32907 (A flaw was found in libsoup. The implementation of HTTP range re
- libsoup3 <unfixed> (bug #1103264)
- libsoup2.4 <unfixed> (bug #1103518)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
+ NOTE: See also https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452
+ NOTE: Upstream also claims there are multiple worse DoS problems, so questions the usefulness of this fix.
CVE-2025-32906 (A flaw was found in libsoup, where the soup_headers_parse_request() fu ...)
- libsoup3 3.6.5-1
- libsoup2.4 <unfixed> (bug #1103521)
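Review bot: The second added NOTE under CVE-2025-32907 attributes a claim to upstream ("multiple worse DoS problems") without a reference, and the "See also" line does not say what merge request 452 is. Link the upstream comment where this is stated, and say whether merge_requests/452 is the proposed fix that upstream is questioning, so that someone triaging the two <unfixed> entries can verify the reasoning without searching the issue thread.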
@@ -6992,6 +6994,8 @@ CVE-2025-32049 (A flaw was found in libsoup. The SoupWebsocketConnection may acc
- libsoup2.4 <unfixed> (bug #1102211)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/390
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/5a83501544a7ff180a5f3490192a280252cd7d04
+ NOTE: The fix commit above is not merged, just proposed in a MR.
+ NOTE: The fix commit just adds an option with the default retaining old behaviour: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408#note_2394070
CVE-2025-31911 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31909 (Missing Authorization vulnerability in NotFound Apptivo Business Site ...)
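Review bot: The two added NOTEs under CVE-2025-32049 contradict the unchanged "NOTE: Fixed by: .../commit/5a83501544a7ff180a5f3490192a280252cd7d04" line directly above them, which still reads as an accepted fix. Consider rewording that line (for example as a proposed fix pointing at merge_requests/408) instead of qualifying it afterwards with "The fix commit above", which also breaks if the notes are later reordered. Since the added text says the default retains the old behaviour, it would help to state explicitly that applying the commit alone does not change behaviour unless the new option is set.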
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4207a429655ed7fd7f5ec0e2bdd349dc7c4ba2e7