libsoup2.4_2.74.3-10.1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat May 3 10:36:51 BST 2025
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 03 May 2025 17:11:55 +0800
Source: libsoup2.4
Architecture: source
Version: 2.74.3-10.1
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
Changed-By: Sean Whitton <spwhitton at spwhitton.name>
Closes: 1103512 1103515 1103516 1103517 1103521 1104055
Changes:
 libsoup2.4 (2.74.3-10.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2025-32906:
     soup_headers_parse_request() function may be vulnerable to an
     out-of-bound read. This flaw allows a malicious user to use a specially
     crafted HTTP request to crash the HTTP server (Closes: #1103521).
   * CVE-2025-32909:
     SoupContentSniffer may be vulnerable to a NULL pointer dereference in
     the sniff_mp4 function. The HTTP server may cause the libsoup client to
     crash (Closes: #1103517).
   * CVE-2025-32910:
     soup_auth_digest_authenticate() is vulnerable to a NULL pointer
     dereference. This issue may cause the libsoup client to crash
     (Closes: #1103516).
   * CVE-2025-32911:
     use-after-free memory issue not on the heap in the
     soup_message_headers_get_content_disposition() function. This flaw
     allows a malicious HTTP client to cause memory corruption in the libsoup
     server (Closes: #1103515).
   * CVE-2025-32913:
     the soup_message_headers_get_content_disposition() function is
     vulnerable to a NULL pointer dereference. This flaw allows a malicious
     HTTP peer to crash a libsoup client or server that uses this function.
     (same fix for both CVE-2025-32911 and CVE-2025-32913)
   * CVE-2025-32912:
     SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP
     server may cause the libsoup client to crash.
   * CVE-2025-32914:
     the soup_multipart_new_from_message() function is vulnerable to an
     out-of-bounds read. This flaw allows a malicious HTTP client to induce the
     libsoup server to read out of bounds (Closes: #1103512).
   * CVE-2025-46420:
     the soup_header_parse_quality_list() function is vulnerable to memory
     leaks when parsing a quality list that contains elements with all zeroes
     (Closes: #1104055).
Checksums-Sha1:
0b74059af68211f441995a5e3625e392d8966561 3502 libsoup2.4_2.74.3-10.1.dsc
8cf27e41713610ead2f7929ed04b27bdbc829200 41460 libsoup2.4_2.74.3-10.1.debian.tar.xz
Checksums-Sha256:
63037e6fdeb35c467c0cb53965e2993cbbb726a144895d67e195cb82246da916 3502 libsoup2.4_2.74.3-10.1.dsc
9da0db7d0eb8cd6d1ea5f52d512dd1c449b8d25877e12329992ec85e6916f3c2 41460 libsoup2.4_2.74.3-10.1.debian.tar.xz
Files:
f602dfa3ab9f30c332fae32a389dc1c0 3502 oldlibs optional libsoup2.4_2.74.3-10.1.dsc
be028af7a7d05f16e60df7e596b8de84 41460 oldlibs optional libsoup2.4_2.74.3-10.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----