Security update for libsoup
This update for libsoup fixes the following issues:
Security issue fixed:
- CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097).
- CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited
against either clients or servers (bsc#1052916).
Bug fixes:
- bsc#1086036: translation-update-upstream commented out for Leap
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Michael Gorse (mgorse)
Fixed bugs
bnc#1052916
VUL-0: CVE-2017-2885: libsoup: Stack based buffer overflow with HTTP Chunked Encoding
bnc#1100097
VUL-1: CVE-2018-12910: libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames
bnc#1086036
translation-update-upstream commented out for Leap
