This bug was fixed in the package libsoup2.4 - 2.74.3-10
---------------
libsoup2.4 (2.74.3-10) unstable; urgency=high
[ Fabian Toepfer ]
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2025-2784-1.patch: Fix potential overflow
- debian/patches/CVE-2025-2784-2.patch: Add better coverage of
skip_insignificant_space()
- CVE-2025-2784 (Closes: #1102208) (LP: #2107263)
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2025-32050.patch: Fix using int instead of
size_t for strcspn return
- CVE-2025-32050 (Closes: #1102212)
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2025-32052.patch: Fix heap buffer overflow in
soup_content_sniffer_sniff
- CVE-2025-32052 (Closes: #1102214)
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2025-32053.patch: Fix heap buffer overflow in
sniff_feed_or_html()
- CVE-2025-32053 (Closes: #1102215)
-- Jeremy Bícha <[email protected]> Sat, 12 Apr 2025 15:15:11 -0400
** Changed in: libsoup2.4 (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-2784
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-32050
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-32052
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-32053
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2107263
Title:
libsoup2.4 early April 2025 security vulnerabilities
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libsoup2.4/+bug/2107263/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
