Package "libsoup2.4"
Name: libsoup2.4
Description: This package is just an umbrella for a group of other packages; it has no description. Description samples from packages in group:
- GObject introspection data for the libsoup HTTP library
- HTTP library implementation in C -- GNOME support library
- HTTP library implementation in C -- GNOME support development files
- HTTP library implementation in C -- Shared library
Latest version: 2.70.0-1ubuntu0.1
Release: focal (20.04)
Level: security
Repository: main
Changelog
libsoup2.4 (2.70.0-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Request smuggling
    - debian/patches/CVE-2024-52530.patch: Strictly don't allow NUL
      bytes in headers
    - CVE-2024-52530
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2024-52531-1.patch: Be more robust against
      invalid input when parsing params
    - debian/patches/CVE-2024-52531-2.patch: Add test for passing
      invalid UTF-8 to soup_header_parse_semi_param_list()
    - CVE-2024-52531
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-52532-1.patch: process the frame as soon
      as data is read
    - debian/patches/CVE-2024-52532-2.patch: disconnect error copy
      after the test ends
    - CVE-2024-52532

 -- Bruce Cable <email address hidden>  Mon, 18 Nov 2024 17:04:33 +1100

CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e.,

CVE-2024-52531
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input re

CVE-2024-52532
GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients.