Bug#1102213: libsoup2.4: CVE-2025-32051
Sylvain Beucler
beuc at beuc.net
Tue Apr 8 22:10:12 BST 2025
Hi,
On Sun, 06 Apr 2025 14:25:36 +0200 Salvatore Bonaccorso
<carnil at debian.org> wrote:
> The code was refactored in 2.99.1 with 737eef099ca1 ("Replace SoupURI
> with GUri") upstream but the same underlying code seems present in the
> original implementation, but I'm not 100% certain. Please
> double-check.
AFAICS the code was introduced (in SoupURI form) along with the
'soup_uri_decode_data_uri' function a bit before that in
https://gitlab.gnome.org/GNOME/libsoup/-/commit/9f42c7b8dc1d099b1464070ca993189bf7a3cdd0
(still in 2.99.1).
I believe libsoup2.4 is <not-affected>.
Cheers!
Sylvain Beucler
Debian LTS Team
More information about the pkg-gnome-maintainers
mailing list