UbuntuUpdates.org

Package "libsoup-3.0-tests"

Name: libsoup-3.0-tests

Description:

HTTP library implementation in C -- installed tests
Latest version: 3.6.5-4ubuntu0.2
Release: questing (25.10)
Level: updates
Repository: universe
Head package: libsoup3
Homepage: https://libsoup.gnome.org/libsoup-3.0/index.html

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libsoup-3.0-tests"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libsoup-3.0-tests" in Questing

Repository Area Version
base universe 3.6.5-4
security universe 3.6.5-4ubuntu0.2

Changelog

Version: 3.6.5-4ubuntu0.2 2026-02-10 04:09:15 UTC

  libsoup3 (3.6.5-4ubuntu0.2) questing-security; urgency=medium

  * SECURITY UPDATE: Carriage Return Line Feed Injection
    - debian/patches/CVE-2026-1467.patch: Do host validation when checking if
      a GUri is valid
    - debian/patches/CVE-2026-1536-pre1.patch: Reject duplicate host headers
    - debian/patches/CVE-2026-1536.patch: Always validate the headers value
      when coming from untrusted source
    - CVE-2026-1467
    - CVE-2026-1536
  * SECURITY UPDATE: Information Leak
    - debian/patches/CVE-2026-1539.patch: Also remove Proxy-Authorization
      header on cross origin redirect
    - CVE-2026-1539

 -- Bruce Cable <email address hidden> Mon, 02 Feb 2026 15:38:39 +1100
Source diff to previous version
CVE-2026-1467 A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP pro
CVE-2026-1536 A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) seq
CVE-2026-1539 A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTT

Version: 3.6.5-4ubuntu0.1 2025-12-15 21:14:15 UTC

  libsoup3 (3.6.5-4ubuntu0.1) questing-security; urgency=medium

  * SECURITY UPDATE: Use after free in HTTP/2 queues.
    - debian/patches/CVE-2025-12105.patch: Add SOUP_MESSAGE_FINISHED checks in
      libsoup/soup-session.c.
    - CVE-2025-12105

 -- Hlib Korzhynskyy <email address hidden> Thu, 11 Dec 2025 16:49:21 -0330
CVE-2025-12105 A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP


About   -   Send Feedback to @ubuntu_updates