[Git][security-tracker-team/security-tracker][master] 2 commits: Track fixed version for some libsoup3 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 4 04:54:25 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67b0ee55 by Salvatore Bonaccorso at 2026-02-04T05:51:10+01:00
Track fixed version for some libsoup3 issues

- - - - -
9b4f319f by Salvatore Bonaccorso at 2026-02-04T05:53:49+01:00
Track fixed version for CVE-2026-0716/libsoup3 via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-1801
-	- libsoup3 <unfixed>
+	- libsoup3 3.6.5-8
 	- libsoup2.4 <removed>
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/481
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/506
@@ -686,7 +686,7 @@ CVE-2026-20401 (In Modem, there is a possible system crash due to an uncaught ex
 CVE-2026-1770 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
 	NOT-FOR-US: Crafter CMS
 CVE-2026-1761 (A flaw was found in libsoup. This stack-based buffer overflow vulnerab ...)
-	- libsoup3 <unfixed> (bug #1126877)
+	- libsoup3 3.6.5-8 (bug #1126877)
 	[trixie] - libsoup3 <no-dsa> (Minor issue)
 	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 <removed>
@@ -695,7 +695,7 @@ CVE-2026-1761 (A flaw was found in libsoup. This stack-based buffer overflow vul
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/493
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/cfa9d90d1a5c274233554a264c56551c13d6a6f0
 CVE-2026-1760 (A flaw was found in SoupServer. This HTTP request smuggling vulnerabil ...)
-	- libsoup3 <unfixed> (bug #1126876)
+	- libsoup3 3.6.5-8 (bug #1126876)
 	[trixie] - libsoup3 <no-dsa> (Minor issue)
 	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 <removed>
@@ -1741,12 +1741,12 @@ CVE-2026-22243 (EGroupware is a Web based groupware server written in PHP. A SQL
 CVE-2026-21865 (Discourse is an open source discussion platform. In versions prior to  ...)
 	NOT-FOR-US: Discourse
 CVE-2026-1539 (A flaw was found in the libsoup HTTP library that can cause proxy auth ...)
-	- libsoup3 <unfixed> (bug #1126628)
+	- libsoup3 3.6.5-8 (bug #1126628)
 	- libsoup2.4 <removed>
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/489
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/98c1285d9d78662c38bf14b4a128af01ccfdb446
 CVE-2026-1536 (A flaw was found in libsoup. An attacker who can control the input for ...)
-	- libsoup3 <unfixed> (bug #1126627)
+	- libsoup3 3.6.5-8 (bug #1126627)
 	- libsoup2.4 <removed>
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/486
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/5c1a2e9c06a834eb715f60265a877f5b882cc1b1
@@ -2427,7 +2427,7 @@ CVE-2026-1472 (An out-of-band SQL injection vulnerability (OOB SQLi) has been de
 CVE-2026-1470 (n8n contains a critical Remote Code Execution (RCE) vulnerability in i ...)
 	NOT-FOR-US: n8n
 CVE-2026-1467 (A flaw was found in libsoup, an HTTP client library. This vulnerabilit ...)
-	- libsoup3 <unfixed> (bug #1126548)
+	- libsoup3 3.6.5-8 (bug #1126548)
 	- libsoup2.4 <removed>
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/488
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/commit/167ef0c6817658c1a089c75c462482209e207db4
@@ -9547,7 +9547,7 @@ CVE-2025-13749 (The Clearfy Cache \u2013 WordPress optimization plugin, Minify H
 CVE-2025-13628 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-0716 (A flaw was found in libsoup\u2019s WebSocket frame processing when han ...)
-	- libsoup3 <unfixed> (bug #1125156)
+	- libsoup3 3.6.5-9 (bug #1125156)
 	[trixie] - libsoup3 <no-dsa> (Minor issue)
 	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8fda60d98555ac5f13e8c2ddb04c7f6a360e72aa...9b4f319fcfa817870e840d88caa1d1ce5c13c087

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8fda60d98555ac5f13e8c2ddb04c7f6a360e72aa...9b4f319fcfa817870e840d88caa1d1ce5c13c087
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260204/968eaa93/attachment.htm>

More information about the debian-security-tracker-commits mailing list