libsoup3 3.4.4-5ubuntu0.1 source package in Ubuntu

Changelog

libsoup3 (3.4.4-5ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: Request smuggling
    - debian/patches/CVE-2024-52530.patch: Strictly don't allow NUL
      bytes in headers
    - CVE-2024-52530
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2024-52531-1.patch: Be more robust against
      invalid input when parsing params
    - debian/patches/CVE-2024-52531-2.patch: Add test for passing
      invalid UTF-8 to soup_header_parse_semi_param_list()
    - CVE-2024-52531
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-52532-1.patch: process the frame as soon
      as data is read
    - debian/patches/CVE-2024-52532-2.patch: disconnect error copy
      after the test ends
    - CVE-2024-52532

 -- Bruce Cable <email address hidden>  Mon, 18 Nov 2024 15:21:40 +1100

Upload details

Uploaded by:
Bruce Cable
Uploaded to:
Noble
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Noble updates main misc
Noble security main misc

Downloads

File Size SHA-256 Checksum
libsoup3_3.4.4.orig.tar.xz 1.5 MiB 291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa
libsoup3_3.4.4-5ubuntu0.1.debian.tar.xz 29.6 KiB 87ca2d5438bae66d4618baba955db6414f028da798a0a98078afa85180f6118b
libsoup3_3.4.4-5ubuntu0.1.dsc 2.9 KiB 2c977cf2fb66d092ca594eb27d8a2cddf586af42b2260cc379f854e44b2d51ba

View changes file

Binary packages built by this source

gir1.2-soup-3.0: GObject introspection data for the libsoup HTTP library

 This package contains introspection data for the libsoup HTTP library.
 .
 libsoup uses the Glib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 It can be used by packages using the GIRepository format to generate
 dynamic bindings.

libsoup-3.0-0: HTTP library implementation in C -- Shared library

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 libsoup uses the Glib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 Features:
  * Both asynchronous (GMainLoop and callback-based) and synchronous APIs
  * Automatically caches connections
  * SSL Support using GnuTLS
  * Proxy support, including authentication and SSL tunneling
  * Client support for Digest, NTLM, and Basic authentication
  * Server support for Digest and Basic authentication
  * Basic client-side SOAP support
 .
 This package contains the shared library.

libsoup-3.0-0-dbgsym: debug symbols for libsoup-3.0-0
libsoup-3.0-common: HTTP library implementation in C -- Common files

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 This package contains architecture-independent files such as translations.

libsoup-3.0-dev: HTTP library implementation in C -- Development files

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 libsoup uses the Glib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 Features:
  * Both asynchronous (GMainLoop and callback-based) and synchronous APIs
  * Automatically caches connections
  * SSL Support using GnuTLS
  * Proxy support, including authentication and SSL tunneling
  * Client support for Digest, NTLM, and Basic authentication
  * Server support for Digest and Basic authentication
  * Basic client-side SOAP support
 .
 This package contains the development files.

libsoup-3.0-doc: HTTP library implementation in C -- API Reference

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 libsoup uses the Glib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 Features:
  * Both asynchronous (GMainLoop and callback-based) and synchronous APIs
  * Automatically caches connections
  * SSL Support using GnuTLS
  * Proxy support, including authentication and SSL tunneling
  * Client support for Digest, NTLM, and Basic authentication
  * Server support for Digest and Basic authentication
  * Basic client-side SOAP support
 .
 This package contains the documentation.

libsoup-3.0-tests: HTTP library implementation in C -- installed tests

 libsoup uses the Glib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 This package contains automated tests, mostly for use via autopkgtest.
 They can most easily be invoked via the gnome-desktop-testing-runner
 tool in the gnome-desktop-testing package.

libsoup-3.0-tests-dbgsym: debug symbols for libsoup-3.0-tests