-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 03 May 2025 17:11:55 +0800
Source: libsoup2.4
Architecture: source
Version: 2.74.3-10.1
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Sean Whitton <spwhitton@spwhitton.name>
Closes: 1103512 1103515 1103516 1103517 1103521 1104055
Changes:
 libsoup2.4 (2.74.3-10.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2025-32906:
     soup_headers_parse_request() function may be vulnerable to an
     out-of-bound read. This flaw allows a malicious user to use a specially
     crafted HTTP request to crash the HTTP server (Closes: #1103521).
   * CVE-2025-32909:
     SoupContentSniffer may be vulnerable to a NULL pointer dereference in
     the sniff_mp4 function. The HTTP server may cause the libsoup client to
     crash (Closes: #1103517).
   * CVE-2025-32910:
     soup_auth_digest_authenticate() is vulnerable to a NULL pointer
     dereference. This issue may cause the libsoup client to crash
     (Closes: #1103516).
   * CVE-2025-32911:
     use-after-free memory issue not on the heap in the
     soup_message_headers_get_content_disposition() function. This flaw
     allows a malicious HTTP client to cause memory corruption in the libsoup
     server (Closes: #1103515).
   * CVE-2025-32913:
     the soup_message_headers_get_content_disposition() function is
     vulnerable to a NULL pointer dereference. This flaw allows a malicious
     HTTP peer to crash a libsoup client or server that uses this function.
     (same fix for both CVE-2025-32911 and CVE-2025-32913)
   * CVE-2025-32912:
     SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP
     server may cause the libsoup client to crash.
   * CVE-2025-32914:
     the soup_multipart_new_from_message() function is vulnerable to an
     out-of-bounds read. This flaw allows a malicious HTTP client to induce the
     libsoup server to read out of bounds (Closes: #1103512).
   * CVE-2025-46420:
     the soup_header_parse_quality_list() function is vulnerable to memory
     leaks when parsing a quality list that contains elements with all zeroes
     (Closes: #1104055).
Checksums-Sha1:
0b74059af68211f441995a5e3625e392d8966561 3502 libsoup2.4_2.74.3-10.1.dsc
8cf27e41713610ead2f7929ed04b27bdbc829200 41460 libsoup2.4_2.74.3-10.1.debian.tar.xz
Checksums-Sha256:
63037e6fdeb35c467c0cb53965e2993cbbb726a144895d67e195cb82246da916 3502 libsoup2.4_2.74.3-10.1.dsc
9da0db7d0eb8cd6d1ea5f52d512dd1c449b8d25877e12329992ec85e6916f3c2 41460 libsoup2.4_2.74.3-10.1.debian.tar.xz
Files:
f602dfa3ab9f30c332fae32a389dc1c0 3502 oldlibs optional libsoup2.4_2.74.3-10.1.dsc
be028af7a7d05f16e60df7e596b8de84 41460 oldlibs optional libsoup2.4_2.74.3-10.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----