Andreas Henriksson pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4207a429 by Andreas Henriksson at 2025-04-27T17:23:57+02:00
CVE-2025-32907 + CVE-2025-32049: Add notes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3980,6 +3980,8 @@ CVE-2025-32907 (A flaw was found in libsoup. The 
implementation of HTTP range re
        - libsoup3 <unfixed> (bug #1103264)
        - libsoup2.4 <unfixed> (bug #1103518)
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
+       NOTE: See also 
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452
+       NOTE: Upstream also claims there are multiple worse DoS problems, so 
questions the usefulness of this fix.
 CVE-2025-32906 (A flaw was found in libsoup, where the 
soup_headers_parse_request() fu ...)
        - libsoup3 3.6.5-1
        - libsoup2.4 <unfixed> (bug #1103521)
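
Review bot: The second added NOTE under CVE-2025-32907 attributes a claim to upstream ("multiple worse DoS problems") without a link to where it was made, and the "See also" line does not say what merge request 452 is. Please state whether MR 452 is the proposed fix and whether it is merged, and point the upstream claim at the specific comment, the way the CVE-2025-32049 note in this same commit cites a #note_ anchor. Both libsoup3 and libsoup2.4 stay <unfixed> here, so a reader also cannot tell from these notes whether any triage decision follows from upstream's position.
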
@@ -6992,6 +6994,8 @@ CVE-2025-32049 (A flaw was found in libsoup. The 
SoupWebsocketConnection may acc
        - libsoup2.4 <unfixed> (bug #1102211)
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/390
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libsoup/-/commit/5a83501544a7ff180a5f3490192a280252cd7d04
+       NOTE: The fix commit above is not merged, just proposed in a MR.
+       NOTE: The fix commit just adds an option with the default retaining old 
behaviour: 
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408#note_2394070
 CVE-2025-31911 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31909 (Missing Authorization vulnerability in NotFound Apptivo 
Business Site  ...)
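
Review bot: The two added NOTE lines under CVE-2025-32049 contradict the unchanged "NOTE: Fixed by:" line directly above them, which still presents commit 5a835015... as the fix. Anyone reading only that line will take the commit as the merged upstream fix, so it would be clearer to reword that line itself to say the fix is proposed and unmerged rather than appending a correction after it. The last note also says the commit only adds an option whose default keeps the old behaviour but does not name the option, so it is worth stating that applying the commit alone leaves behaviour unchanged and which setting has to be changed.
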



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4207a429655ed7fd7f5ec0e2bdd349dc7c4ba2e7



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
