[ubuntu/noble-security] libsoup3 3.4.4-5ubuntu0.7 (Accepted)
Bruce Cable
bruce.cable at canonical.com
Sun Feb 8 22:41:01 UTC 2026
libsoup3 (3.4.4-5ubuntu0.7) noble-security; urgency=medium
* SECURITY UPDATE: Carriage Return Line Feed Injection
- debian/patches/CVE-2026-1467.patch: Do host validation when checking if
a GUri is valid
- debian/patches/CVE-2026-1536-pre1.patch: Reject duplicate host headers
- debian/patches/CVE-2026-1536.patch: Always validate the headers value
when coming from untrusted source
- CVE-2026-1467
- CVE-2026-1536
* SECURITY UPDATE: Information Leak
- debian/patches/CVE-2026-1539.patch: Also remove Proxy-Authorization
header on cross origin redirect
- CVE-2026-1539
Date: 2026-02-02 23:58:17.216913+00:00
Changed-By: Bruce Cable <bruce.cable at canonical.com>
https://launchpad.net/ubuntu/+source/libsoup3/3.4.4-5ubuntu0.7
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list