Univention Bugzilla – Bug 47520
libsoup2.4: Multiple issues (4.2)
Last modified: 2018-08-15 16:19:36 CEST
New Debian libsoup2.4 2.48.0-1+deb8u2 fixes: This update addresses the following issue(s): * * The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. (CVE-2018-12910) 2.48.0-1+deb8u2 (Fri, 06 Jul 2018 11:29:44 +0200) * Fix out of bounds access in the cookie jar (CVE-2018-12910). * CVE-2018-12910 libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/libsoup2.4_2.48.0-1+deb8u1.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/libsoup2.4_2.48.0-1+deb8u2.dsc @@ -1,3 +1,7 @@ +2.48.0-1+deb8u2 [Fri, 06 Jul 2018 11:29:44 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Fix out of bounds access in the cookie jar (CVE-2018-12910). + 2.48.0-1+deb8u1 [Wed, 09 Aug 2017 16:23:23 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.2-4/#1436270170194344071>
OK: patch OK: piuparts OK: yaml OK: errata-announce [4.2-4] 6469fc5fd3 Bug #47520: libsoup2.4 2.48.0-1+deb8u2 doc/errata/staging/libsoup2.4.yaml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) [4.2-4] 2e04e60408 Bug #47520: libsoup2.4 2.48.0-1+deb8u2 doc/errata/staging/libsoup2.4.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.2/464.html>