Bug#871650: libsoup2.4: CVE-2017-2885: stack based buffer overflow with HTTP Chunked Encoding
Salvatore Bonaccorso
carnil at debian.org
Thu Aug 10 12:35:20 UTC 2017
Source: libsoup2.4
Version: 2.48.0-1
Severity: grave
Tags: security patch upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=785774
Control: fixed -1 2.48.0-1+deb8u1
Control: fixed -1 2.56.0-2+deb9u1
Hi,
the following vulnerability was published for libsoup2.4.
CVE-2017-2885[0]:
stack based buffer overflow with HTTP Chunked Encoding
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-2885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2885
[1] https://bugzilla.gnome.org/show_bug.cgi?id=785774
[2] https://git.gnome.org/browse/libsoup/commit/?id=03c91c76daf70ee227f38304c5e45a155f45073d
Regards,
Salvatore
More information about the pkg-gnome-maintainers
mailing list