-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 May 2025 17:11:55 +0800
Source: libsoup2.4
Architecture: source
Version: 2.74.3-10.1
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintain...@lists.alioth.debian.org>
Changed-By: Sean Whitton <spwhit...@spwhitton.name>
Closes: 1103512 1103515 1103516 1103517 1103521 1104055
Changes:
 libsoup2.4 (2.74.3-10.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2025-32906:
     soup_headers_parse_request() function may be vulnerable to an
     out-of-bounds read. This flaw allows a malicious user to use a specially
     crafted HTTP request to crash the HTTP server (Closes: #1103521).
   * CVE-2025-32909:
     SoupContentSniffer may be vulnerable to a NULL pointer dereference in
     the sniff_mp4 function. The HTTP server may cause the libsoup client to
     crash (Closes: #1103517).
   * CVE-2025-32910:
     soup_auth_digest_authenticate() is vulnerable to a NULL pointer
     dereference. This issue may cause the libsoup client to crash
     (Closes: #1103516).
   * CVE-2025-32911:
     use-after-free memory issue not on the heap in the
     soup_message_headers_get_content_disposition() function. This flaw
     allows a malicious HTTP client to cause memory corruption in the libsoup
     server (Closes: #1103515).
   * CVE-2025-32913:
     the soup_message_headers_get_content_disposition() function is
     vulnerable to a NULL pointer dereference. This flaw allows a malicious
     HTTP peer to crash a libsoup client or server that uses this function.
     (same fix for both CVE-2025-32911 and CVE-2025-32913)
   * CVE-2025-32912:
     SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP
     server may cause the libsoup client to crash.
   * CVE-2025-32914:
     the soup_multipart_new_from_message() function is vulnerable to an
     out-of-bounds read. This flaw allows a malicious HTTP client to induce the
     libsoup server to read out of bounds (Closes: #1103512).
   * CVE-2025-46420:
     the soup_header_parse_quality_list() function is vulnerable to memory
     leaks when parsing a quality list that contains elements with all zeroes
     (Closes: #1104055).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
