libsoup2.4_2.74.3-10_source.changes ACCEPTED into unstable

Sat Apr 12 20:50:57 BST 2025

Thank you for your contribution to Debian.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Apr 2025 15:15:11 -0400
Source: libsoup2.4
Built-For-Profiles: noudeb
Architecture: source
Version: 2.74.3-10
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
Changed-By: Jeremy Bícha <jbicha at ubuntu.com>
Closes: 1102208 1102212 1102214 1102215
Launchpad-Bugs-Fixed: 2107263
Changes:
 libsoup2.4 (2.74.3-10) unstable; urgency=high
 .
   [ Fabian Toepfer ]
   * SECURITY UPDATE: out-of-bounds read
     - debian/patches/CVE-2025-2784-1.patch: Fix potential overflow
     - debian/patches/CVE-2025-2784-2.patch: Add better coverage of
       skip_insignificant_space()
     - CVE-2025-2784 (Closes: #1102208) (LP: #2107263)
   * SECURITY UPDATE: out-of-bounds read
     - debian/patches/CVE-2025-32050.patch: Fix using int instead of
       size_t for strcspn return
     - CVE-2025-32050 (Closes: #1102212)
   * SECURITY UPDATE: out-of-bounds read
     - debian/patches/CVE-2025-32052.patch: Fix heap buffer overflow in
       soup_content_sniffer_sniff
     - CVE-2025-32052 (Closes: #1102214)
   * SECURITY UPDATE: out-of-bounds read
     - debian/patches/CVE-2025-32053.patch: Fix heap buffer overflow in
       sniff_feed_or_html()
     - CVE-2025-32053 (Closes: #1102215)
Checksums-Sha1:
 4fde94ca1ee2d946606b1dfd6fdadd83afa065be 3374 libsoup2.4_2.74.3-10.dsc
 dcfc60c75ea2a0b51c2c1347663f2a29b398b586 34944 libsoup2.4_2.74.3-10.debian.tar.xz
 f3b3aa08e65fba5881b936999c9adf081e9a5539 13992 libsoup2.4_2.74.3-10_source.buildinfo
Checksums-Sha256:
 623d6be3bdfc1d0b974fc0121d49118ff61cd95ff8e8304803b20a4bcab609f9 3374 libsoup2.4_2.74.3-10.dsc
 88050934e7943dea52820b1f6d904e1a96e31db48cf6899f4d6d413ad61163bd 34944 libsoup2.4_2.74.3-10.debian.tar.xz
 21c005f10a00295f7934b8d887dc7d9e9729f35f6b93c2eb27751c8b98e40097 13992 libsoup2.4_2.74.3-10_source.buildinfo
Files:
 15d2998630b888ed2e9a05580243ab0b 3374 oldlibs optional libsoup2.4_2.74.3-10.dsc
 b4edea6b706ec3e5380cd392785ab511 34944 oldlibs optional libsoup2.4_2.74.3-10.debian.tar.xz
 0e6447ea5ce4a1057e784e68d73e5803 13992 oldlibs optional libsoup2.4_2.74.3-10_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmf6vX8ACgkQ5mx3Wuv+
bH2yTg//WJY28kQDX2DQg7E3/TCKjf6unraYQ5neawPBNunzl1vvxSkH2WRr9pOF
cycQK6tZPnLcbM1I9aWPVcIRBYGJJf0/Qfc4uriM400UC9oESuGNEQ+LVZ21BLx3
8wobKydBBEB7X/P/MqPxqqSYzeTtd7JWLyA9tqSohnVkqAeEbCvUa2clUK+E/9I1
CvTV6ZXBTe721ADQgCsXArUrWzSxJPvWquIiz0L8d8tYVn0NkBfnZT2UozK8BMdi
7tzasUGkL3FALXhzQon11hq3YJ//pmCVpU4bQVXcYxZn9b9VJAo+Crt67oYlA5xe
Y3WsgWQiD4YQ8zggWwYHnZpDiEjjxIr/VZE305fxlMfjECWysVBGMPDlOb/S8yaM
xmdV++dwarZw88QnfdXKR6G9yMbq5yjQrAv9PGkryOeXL5NrrKrdnI5x8Oj2mU9x
m5kxQZWy/8n02HnOM4tj/vAqbk5UiC9qETBYp7PomlQc8S/dbZeOuSZnB7wjPb3v
CBUTwbK9Lsn5yc0e9Uw4BVvh1r+DP7ZNXkiYgZpHhDQ2/zaFMuP88fbajkJq2RJI
joHOI0dv03XvevxS09FdnhA+h55HCBXYooyzbYO05uTsk4GB1Yq9h2DzhR9KuzQe
MflEXJ/8Ce7J+1szj5A7nVyj+k7sYNlmWQZu3rOJTvR+VZD+IZA=
=HKru
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20250412/3ed805fc/attachment.sig>