New Debian libsoup2.4 2.64.2-2+deb10u1 fixes:

This update addresses the following issues:

2.64.2-2+deb10u1 (Thu, 12 Dec 2024 16:00:12 +0800)
* Non-maintainer upload by the ELTS Team.
* Backport upstream fixes for
  - CVE-2024-52530: HTTP request smuggling with null bytes at the end of header names
  - CVE-2024-52531: buffer overflow in soup_header_parse_param_list_strict
  - CVE-2024-52532: infinite loop / potential DoS in reading certain data from WebSocket clients.
--- mirror/ftp/pool/main/libs/libsoup2.4/libsoup2.4_2.64.2-2.dsc +++ apt/ucs_5.0-0-errata5.0-9/source/libsoup2.4_2.64.2-2+deb10u1.dsc @@ -1,3 +1,14 @@ +2.64.2-2+deb10u1 [Thu, 12 Dec 2024 16:00:12 +0800] Sean Whitton <spwhitton@spwhitton.name>: + + * Non-maintainer upload by the ELTS Team. + * Backport upstream fixes for + - CVE-2024-52530: HTTP request smuggling with null bytes at the end of + header names (Closes: #1088812) + - CVE-2024-52531: buffer overflow in soup_header_parse_param_list_strict + (Closes: #1089240) + - CVE-2024-52532: infinite loop / potential DoS in reading certain + data from WebSocket clients (Closes: #1089238). + 2.64.2-2 [Thu, 27 Dec 2018 23:09:24 -0500] Jeremy Bicha <jbicha@debian.org>: * Restore -Wl,-O1 to our LDFLAGS <http://piuparts.knut.univention.de/5.0-9/#5700500445242072421>
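Review bot: the added 2.64.2-2+deb10u1 changelog entry identifies the three fixes only by CVE number and Debian bug number (#1088812, #1089240, #1089238); it does not name the upstream commits or the patch files that were backported. Suggest listing them under each CVE line so the backport can be checked against upstream, in particular for CVE-2024-52531, where the entry names the affected function soup_header_parse_param_list_strict but not the change applied to it.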
OK: bug
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
 Freexian provide new *-dbgsym

[5.0-9] 36397d16e1 Bug #57808: libsoup2.4 2.64.2-2+deb10u1
 doc/errata/staging/libsoup2.4.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[5.0-9] 2bd77b6455 Bug #57808: libsoup2.4 2.64.2-2+deb10u1
 doc/errata/staging/libsoup2.4.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x1191>