libsoup2.4 (2.74.2-3ubuntu0.6) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service.
    - debian/patches/CVE-2025-32907-*.patch: Add i-- in
      libsoup/soup-message-headers.c. Add B_SANITIZE_OPTION to meson.build.
    - debian/patches/CVE-2025-4948.patch: Add ternary end - 2 - split check
      in libsoup/soup-multipart.c.
    - CVE-2025-32907
    - CVE-2025-4948
  * SECURITY UPDATE: Out of bounds read.
    - debian/patches/CVE-2025-4969.patch: Add extra if checks for start of
      line in libsoup/soup-multipart.c.
    - CVE-2025-4969
  * SECURITY UPDATE: Improper validation of cookie expiration.
    - debian/patches/CVE-2025-4945-*.patch: Add extra date checks in
      libsoup/soup-date.c.
    - CVE-2025-4945

 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Tue, 15 Jul 2025 13:32:52 -0230

libsoup2.4 (2.74.2-3ubuntu0.5) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service.
    - debian/patches/CVE-2025-4476.patch: Replace strcmp with g_strcmp0 in
      ./libsoup/soup-auth-digest.c.
    - CVE-2025-4476

 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Fri, 23 May 2025 14:24:30 -0230

libsoup2.4 (2.74.2-3ubuntu0.4) jammy-security; urgency=medium

  * SECURITY REGRESSION: Incomplete fix for CVE-2025-32912 (LP: #2110056)
    - debian/patches/CVE-2025-32912-fix1.patch: Replace
      g_hash_table_contains with g_hash_table_lookup in
      ./libsoup/soup-auth-digest.c.
    - CVE-2025-32912

 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Tue, 06 May 2025 15:03:48 -0230

libsoup2.4 (2.74.2-3ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Out of bound read.
    - debian/patches/CVE-2025-32906-*.patch: Add out of bound checks in
      soup_headers_parse_request in ./libsoup/soup-headers.c.
    - debian/patches/CVE-2025-32914.patch: Replace strstr operation with
      g_strstr_len in ./libsoup/soup-multipart.c.
    - CVE-2025-32906
    - CVE-2025-32914
  * SECURITY UPDATE: Null pointer dereference.
    - debian/patches/CVE-2025-32909.patch: Add resource size check in
      ./libsoup/soup-content-sniffer.c.
    - debian/patches/CVE-2025-32910-32912-*.patch: Add checks for missing
      realm and nonce, and fix memory leak in ./libsoup/soup-auth-digest.c.
    - debian/patches/CVE-2025-32912.patch: Add additional checks for nonce
      in ./libsoup/soup-auth-digest.c.
    - CVE-2025-32909
    - CVE-2025-32910
    - CVE-2025-32912
  * SECURITY UPDATE: Memory corruption.
    - debian/patches/CVE-2025-32911-32913-*.patch: Add checks for empty
      filename in ./libsoup/soup-message-headers.c.
    - CVE-2025-32911
    - CVE-2025-32913
  * SECURITY UPDATE: Memory leak.
    - debian/patches/CVE-2025-46420.patch: Free allocated strings during
      iteration in ./libsoup/soup-headers.c.
    - CVE-2025-46420
  * SECURITY UPDATE: Information exposure through host impersonation.
    - debian/patches/CVE-2025-46421.patch: Strip credentials on
      cross-origin redirects in ./libsoup/soup-session.c.
    - CVE-2025-46421
  * debian/patches/Extend-test-cert-to-2049.patch: Extend expiration to
    2049 of a certificate used for build tests.

 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Fri, 02 May 2025 16:43:03 -0230

libsoup2.4 (2.74.2-3ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2025-2784-1.patch: Fix potential overflow
    - debian/patches/CVE-2025-2784-2.patch: Add better coverage of
      skip_insignificant_space()
    - CVE-2025-2784
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2025-32050.patch: Fix using int instead of size_t
      for strcspn return
    - CVE-2025-32050
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2025-32052.patch: Fix heap buffer overflow in
      soup_content_sniffer_sniff
    - CVE-2025-32052
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2025-32053.patch: Fix heap buffer overflow in
      sniff_feed_or_html()
    - CVE-2025-32053

 -- Fabian Toepfer <fabian.toepfer@canonical.com>  Wed, 09 Apr 2025 18:44:58 +0200

libsoup2.4 (2.74.2-3ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Request smuggling
    - debian/patches/CVE-2024-52530.patch: Strictly don't allow NUL bytes
      in headers
    - CVE-2024-52530
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2024-52531-1.patch: Be more robust against invalid
      input when parsing params
    - debian/patches/CVE-2024-52531-2.patch: Add test for passing invalid
      UTF-8 to soup_header_parse_semi_param_list()
    - CVE-2024-52531
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-52532-1.patch: process the frame as soon as
      data is read
    - debian/patches/CVE-2024-52532-2.patch: disconnect error copy after
      the test ends
    - CVE-2024-52532

 -- Bruce Cable <bruce.cable@canonical.com>  Tue, 19 Nov 2024 09:24:38 +1100

libsoup2.4 (2.74.2-3) unstable; urgency=medium

  * Team upload
  * Source-only upload to allow testing migration
  * Move to debhelper compat level 13
  * Standards-Version: 4.6.0 (no changes required)
  * Override Lintian errors for RUNPATH in installed-tests.
    These have a private shared library for common code.
  * Override overzealous Lintian hint for documentation outside
    /usr/share/doc
  * d/p/tests-add-soup_test_build_filename_abs.patch,
    d/p/test-utils-Log-Apache-arguments.patch,
    d/p/test-utils-Save-Apache-server-root-during-initialization.patch:
    Add patches to fix unit test teardown for XMLRPC tests
  * Adjust PHP dependencies.
    php currently has a complicated version number as a result of a
    transition to PHP 8 that was started and then rolled back.
  * d/p/Record-Apache-error-log-for-unit-tests-and-show-it-during.patch:
    Add patch to display Apache error log in test diagnostics
  * d/p/Mark-XMLRPC-tests-as-flaky.patch:
    Add patch to treat tests based on php-xmlrpc as unreliable

 -- Simon McVittie <smcv@debian.org>  Mon, 27 Dec 2021 20:33:29 +0000

libsoup2.4 (2.74.2-2) unstable; urgency=medium

  * Add libsoup2.4-common package for translations

 -- Jeremy Bicha <jbicha@debian.org>  Sun, 28 Nov 2021 16:04:43 -0500

libsoup2.4 (2.74.2-1) unstable; urgency=medium

  * New upstream release
  * Update debian/copyright

 -- Jeremy Bicha <jbicha@debian.org>  Sun, 28 Nov 2021 15:57:59 -0500

libsoup2.4 (2.74.1-1) unstable; urgency=medium

  * New upstream release
  * debian/control.in: Allow building against php8
  * debian/control.in: Add php8 as an alternate dependency to php-xmlrpc

 -- Jeremy Bicha <jbicha@debian.org>  Sun, 24 Oct 2021 20:43:30 -0400

# For older changelog entries, run 'apt-get changelog libsoup2.4-common'
Generated by dwww version 1.14 on Thu Sep 4 02:11:36 CEST 2025.