[ubuntu/questing-proposed] libsoup3 3.6.5-1ubuntu1 (Accepted)

Hlib Korzhynskyy hlib.korzhynskyy at canonical.com
Fri May 23 17:32:15 UTC 2025 

libsoup3 (3.6.5-1ubuntu1) questing; urgency=medium

  * SECURITY UPDATE: Denial of service.
    - debian/patches/CVE-2025-32908-1.patch: Add NULL checks with returns for
      NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE in
      ./libsoup/server/http2/soup-server-message-io-http2.c.
    - debian/patches/CVE-2025-32908-2.patch: Improve NULL checks in
      ./libsoup/server/http2/soup-server-message-io-http2.c.
    - debian/patches/CVE-2025-4476.patch: Replace strcmp with g_strcmp0 in
      ./libsoup/auth/soup-auth-digest.c.
    - CVE-2025-32908
    - CVE-2025-4476

Date: Thu, 22 May 2025 15:04:22 -0230
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libsoup3/3.6.5-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Thu, 22 May 2025 15:04:22 -0230
Source: libsoup3
Built-For-Profiles: noudeb
Architecture: source
Version: 3.6.5-1ubuntu1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Changes:
 libsoup3 (3.6.5-1ubuntu1) questing; urgency=medium
 .
   * SECURITY UPDATE: Denial of service.
     - debian/patches/CVE-2025-32908-1.patch: Add NULL checks with returns for
       NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE in
       ./libsoup/server/http2/soup-server-message-io-http2.c.
     - debian/patches/CVE-2025-32908-2.patch: Improve NULL checks in
       ./libsoup/server/http2/soup-server-message-io-http2.c.
     - debian/patches/CVE-2025-4476.patch: Replace strcmp with g_strcmp0 in
       ./libsoup/auth/soup-auth-digest.c.
     - CVE-2025-32908
     - CVE-2025-4476
Checksums-Sha1:
 9c370cc2b480c999af625952efd16375aaa57f88 3122 libsoup3_3.6.5-1ubuntu1.dsc
 3f87f2e8a6286efc54ca4f491d2c425852614f81 29148 libsoup3_3.6.5-1ubuntu1.debian.tar.xz
 fa350eff1a64352789ec7f447082dd82185edb82 15325 libsoup3_3.6.5-1ubuntu1_source.buildinfo
Checksums-Sha256:
 a02f48769beb1e8291af0c72efae98e35f4ed03caa4d3a8b2ffba28dad170cf1 3122 libsoup3_3.6.5-1ubuntu1.dsc
 5623b337191b2216e918a61474a9826ccbaca905fe9418427de7e3250204afb9 29148 libsoup3_3.6.5-1ubuntu1.debian.tar.xz
 3b1afa0b22a8f2e83730a8c2c3db5620b82ed1d741997e969c8a949c9fcfb389 15325 libsoup3_3.6.5-1ubuntu1_source.buildinfo
Files:
 11dcd9878ce9c91a7cc04dbbebdce749 3122 devel optional libsoup3_3.6.5-1ubuntu1.dsc
 f230b65a7ffdb0196386a1aebb20ede8 29148 devel optional libsoup3_3.6.5-1ubuntu1.debian.tar.xz
 9135aaa2a2c777e3cda4112f45050d15 15325 devel optional libsoup3_3.6.5-1ubuntu1_source.buildinfo
Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>

More information about the Questing-changes mailing list