[Git][security-tracker-team/security-tracker][master] Track fixed version for libsoup3 issues via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jul 12 20:55:03 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
57107d4a by Salvatore Bonaccorso at 2025-07-12T21:39:22+02:00
Track fixed version for libsoup3 issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15384,7 +15384,7 @@ CVE-2025-4999 (A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up
CVE-2025-4998 (A vulnerability has been found in H3C Magic R200G up to 100R002 and cl ...)
NOT-FOR-US: H3C
CVE-2025-4969 (A vulnerability was found in the libsoup package. This flaw stems from ...)
- - libsoup3 <unfixed> (bug #1106248)
+ - libsoup3 3.6.5-2 (bug #1106248)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <unfixed> (bug #1106325)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
@@ -16012,14 +16012,14 @@ CVE-2025-1308 (A vulnerability exists in PX Backup whereby sensitive information
CVE-2024-5878 (Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scr ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4948 (A flaw was found in the soup_multipart_new_from_message() function of ...)
- - libsoup3 <unfixed> (bug #1106204)
+ - libsoup3 3.6.5-2 (bug #1106204)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <unfixed> (bug #1106337)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463
CVE-2025-4945 (A flaw was found in the cookie parsing logic of the libsoup HTTP libra ...)
- - libsoup3 <unfixed> (bug #1106205)
+ - libsoup3 3.6.5-2 (bug #1106205)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <unfixed> (bug #1106375)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
@@ -17590,7 +17590,7 @@ CVE-2023-5529 (The Advanced Page Visit Counter WordPress plugin before 8.0.6 do
CVE-2023-2334 (The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy D ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4476 (A denial-of-service vulnerability has been identified in the libsoup H ...)
- - libsoup3 <unfixed> (bug #1105887)
+ - libsoup3 3.6.5-2 (bug #1105887)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <unfixed> (bug #1107757)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
@@ -28268,7 +28268,7 @@ CVE-2025-32930
REJECTED
CVE-2025-32914 (A flaw was found in libsoup, where the soup_multipart_new_from_message ...)
{DLA-4140-1}
- - libsoup3 <unfixed> (bug #1103267)
+ - libsoup3 3.6.5-2 (bug #1103267)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 2.74.3-10.1 (bug #1103512)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
@@ -28323,7 +28323,7 @@ CVE-2025-32909 (A flaw was found in libsoup. SoupContentSniffer may be vulnerabl
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/431
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92 (3.6.2)
CVE-2025-32908 (A flaw was found in libsoup. The HTTP/2 server in libsoup may not full ...)
- - libsoup3 <unfixed> (bug #1103265)
+ - libsoup3 3.6.5-2 (bug #1103265)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/429
@@ -28331,7 +28331,7 @@ CVE-2025-32908 (A flaw was found in libsoup. The HTTP/2 server in libsoup may no
NOTE: Introduced after: https://gitlab.gnome.org/GNOME/libsoup/-/commit/5fb25e7810498170dd3458c9509035cef945e299 (3.1.2)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/commit/a792b23ab87cacbf4dd9462bf7b675fa678efbae
CVE-2025-32907 (A flaw was found in libsoup. The implementation of HTTP range requests ...)
- - libsoup3 <unfixed> (bug #1103264)
+ - libsoup3 3.6.5-2 (bug #1103264)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <unfixed> (bug #1103518)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57107d4ad4b09bcbe06d19ae5e0514168e17b495
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57107d4ad4b09bcbe06d19ae5e0514168e17b495
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250712/e5c8055c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list