[ubuntu/questing-proposed] libsoup2.4 2.74.3-10.1ubuntu4 (Accepted)

Hlib Korzhynskyy hlib.korzhynskyy at canonical.com
Thu Jul 17 17:45:15 UTC 2025 

libsoup2.4 (2.74.3-10.1ubuntu4) questing; urgency=medium

  * SECURITY UPDATE: Denial of service.
    - debian/patches/CVE-2025-32907-*.patch: Add i-- in
      libsoup/soup-message-headers.c. Add B_SANITIZE_OPTION to meson.build.
    - debian/patches/CVE-2025-4948.patch: Add ternary end - 2 - split check in
      libsoup/soup-multipart.c.
    - CVE-2025-32907
    - CVE-2025-4948
  * SECURITY UPDATE: Out of bounds read.
    - debian/patches/CVE-2025-4969.patch: Add extra if checks for start of line
      in libsoup/soup-multipart.c.
    - CVE-2025-4969
  * SECURITY UPDATE: Improper validation of cookie expiration.
    - debian/patches/CVE-2025-4945-*.patch: Add extra date checks in
      libsoup/soup-date.c.
    - CVE-2025-4945

Date: Thu, 17 Jul 2025 14:29:01 -0230
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.3-10.1ubuntu4
-------------- next part --------------
Format: 1.8
Date: Thu, 17 Jul 2025 14:29:01 -0230
Source: libsoup2.4
Built-For-Profiles: noudeb
Architecture: source
Version: 2.74.3-10.1ubuntu4
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Changes:
 libsoup2.4 (2.74.3-10.1ubuntu4) questing; urgency=medium
 .
   * SECURITY UPDATE: Denial of service.
     - debian/patches/CVE-2025-32907-*.patch: Add i-- in
       libsoup/soup-message-headers.c. Add B_SANITIZE_OPTION to meson.build.
     - debian/patches/CVE-2025-4948.patch: Add ternary end - 2 - split check in
       libsoup/soup-multipart.c.
     - CVE-2025-32907
     - CVE-2025-4948
   * SECURITY UPDATE: Out of bounds read.
     - debian/patches/CVE-2025-4969.patch: Add extra if checks for start of line
       in libsoup/soup-multipart.c.
     - CVE-2025-4969
   * SECURITY UPDATE: Improper validation of cookie expiration.
     - debian/patches/CVE-2025-4945-*.patch: Add extra date checks in
       libsoup/soup-date.c.
     - CVE-2025-4945
Checksums-Sha1:
 67e8ebc9ba153946c01cebc02a7ff5c701b92f98 3489 libsoup2.4_2.74.3-10.1ubuntu4.dsc
 fe793d45dad97f7e378fd9cafe11afc71d67bdec 45536 libsoup2.4_2.74.3-10.1ubuntu4.debian.tar.xz
 d6ee71ad2c4bc1c6e85e19d241bfe8d8e1dab17f 15517 libsoup2.4_2.74.3-10.1ubuntu4_source.buildinfo
Checksums-Sha256:
 71f4c3175a15acb60eaae03cb21768f2862062001c62d37ac3dd8cae4ca472aa 3489 libsoup2.4_2.74.3-10.1ubuntu4.dsc
 986198d1d910e81ad43a1185db1fc3d8a90445425804743bf430051ea93a0803 45536 libsoup2.4_2.74.3-10.1ubuntu4.debian.tar.xz
 53ea5798ec1533291a7ab19911b43bc41bd86d759522383659e763111de631d6 15517 libsoup2.4_2.74.3-10.1ubuntu4_source.buildinfo
Files:
 0203d766af1776c30198b918c4412cbc 3489 oldlibs optional libsoup2.4_2.74.3-10.1ubuntu4.dsc
 2fa9fc3f117dbb924dc674afca7b4e42 45536 oldlibs optional libsoup2.4_2.74.3-10.1ubuntu4.debian.tar.xz
 d12799a9789b380651e116c8caddc896 15517 oldlibs optional libsoup2.4_2.74.3-10.1ubuntu4_source.buildinfo
Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>

More information about the Questing-changes mailing list