Publishing details

Changelog

libsoup3 (3.4.4-5ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: Request smuggling
    - debian/patches/CVE-2024-52530.patch: Strictly don't allow NUL
      bytes in headers
    - CVE-2024-52530
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2024-52531-1.patch: Be more robust against
      invalid input when parsing params
    - debian/patches/CVE-2024-52531-2.patch: Add test for passing
      invalid UTF-8 to soup_header_parse_semi_param_list()
    - CVE-2024-52531
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-52532-1.patch: process the frame as soon
      as data is read
    - debian/patches/CVE-2024-52532-2.patch: disconnect error copy
      after the test ends
    - CVE-2024-52532

 -- Bruce Cable <email address hidden>  Mon, 18 Nov 2024 15:21:40 +1100

Available diffs

Builds

Built packages

Package files