UbuntuUpdates.org

Package "libsoup3"

Name: libsoup3

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GObject introspection data for the libsoup HTTP library
  • HTTP library implementation in C -- Shared library
  • HTTP library implementation in C -- Common files
  • HTTP library implementation in C -- Development files

Latest version: 3.6.0-2ubuntu0.1
Release: oracular (24.10)
Level: security
Repository: main

Links



Other versions of "libsoup3" in Oracular

Repository Area Version
base universe 3.6.0-2
base main 3.6.0-2
security universe 3.6.0-2ubuntu0.1
updates main 3.6.0-2ubuntu0.1
updates universe 3.6.0-2ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.6.0-2ubuntu0.1 2024-11-27 03:07:00 UTC

  libsoup3 (3.6.0-2ubuntu0.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2024-52531-1.patch: Be more robust against
      invalid input when parsing params
    - debian/patches/CVE-2024-52531-2.patch: Add test for passing
      invalid UTF-8 to soup_header_parse_semi_param_list()
    - CVE-2024-52531
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-52532-1.patch: process the frame as soon
      as data is read
    - debian/patches/CVE-2024-52532-2.patch: disconnect error copy
      after the test ends
    - CVE-2024-52532

 -- Bruce Cable <email address hidden> Mon, 18 Nov 2024 15:21:41 +1100

CVE-2024-52531 GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input re
CVE-2024-52532 GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.



About   -   Send Feedback to @ubuntu_updates