[ubuntu/noble-security] libsoup3 3.4.4-5ubuntu0.4 (Accepted)

Wed May 28 13:53:01 UTC 2025

libsoup3 (3.4.4-5ubuntu0.4) noble-security; urgency=medium

  * SECURITY UPDATE: Denial of service.
    - debian/patches/CVE-2025-32908-1.patch: Add NULL checks with returns for
      NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE in
      ./libsoup/server/http2/soup-server-message-io-http2.c.
    - debian/patches/CVE-2025-32908-2.patch: Improve NULL checks in
      ./libsoup/server/http2/soup-server-message-io-http2.c.
    - debian/patches/CVE-2025-4476.patch: Replace strcmp with g_strcmp0 in
      ./libsoup/auth/soup-auth-digest.c.
    - CVE-2025-32908
    - CVE-2025-4476

Date: 2025-05-22 18:24:13.957505+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
https://launchpad.net/ubuntu/+source/libsoup3/3.4.4-5ubuntu0.4
-------------- next part --------------
Sorry, changesfile not available.