Hello, Thanks for the patch but it needs improvements:
On Wed Feb 18, 2026 at 12:45 PM CET, Rohini Sangam via lists.openembedded.org wrote:

> CVE fixed: > - CVE-2025-14523 libsoup: Duplicate Host Header Handling Causes Host-Parsing > Discrepancy (First- vs Last-Value Wins) > Upstream-Status: Backport from > https://gitlab.gnome.org/GNOME/libsoup/-/commit/383cc02354c2a4235a98338005f8b47ffab4e53a

This patch is not merged in any meaningful branch. You need to justify why you think this patch is the right patch for this CVE.

> Signed-off-by: Rohini Sangam <[email protected]> > --- > .../libsoup/libsoup-2.4/CVE-2025-14523.patch | 79 +++++++++++++++++++ > .../libsoup/libsoup-2.4_2.74.2.bb | 1 + > 2 files changed, 80 insertions(+) > create mode 100644 > meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch > > diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch > b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch > new file mode 100644 > index 0000000000..3b534a64d5 > --- /dev/null > +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-14523.patch > @@ -0,0 +1,79 @@ > +From 383cc02354c2a4235a98338005f8b47ffab4e53a Mon Sep 17 00:00:00 2001 > +From: Michael Catanzaro <[email protected]> > +Date: Wed, 7 Jan 2026 14:50:33 -0600 > +Subject: [PATCH] Reject duplicate Host headers (for libsoup 2) > + > +https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/491 > + > +Upstream-Status: Backport from > https://gitlab.gnome.org/GNOME/libsoup/-/commit/383cc02354c2a4235a98338005f8b47ffab4e53a

The proper syntax for this line is: Upstream-Status: Backport [<URL>]

Regards,
--
Yoann Congal
Smile ECS
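
Review bot: The header of the added CVE-2025-14523.patch, as far as it is quoted here, ends at the Upstream-Status line and shows neither a "CVE: CVE-2025-14523" tag nor the backporter's Signed-off-by inside the patch file itself. If they are not in the unquoted remainder of the 79 added lines, add both next to Upstream-Status so the patch file records which CVE it addresses and who carried it into the layer.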
