File _patchinfo of Package patchinfo.36711
<patchinfo incident="36711"> <issue tracker="cve" id="2024-52531"/> <issue tracker="cve" id="2024-52530"/> <issue tracker="cve" id="2024-52532"/> <issue tracker="bnc" id="1233292">VUL-0: CVE-2024-52531: libsoup,libsoup2: libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict</issue> <issue tracker="bnc" id="1233287">VUL-0: CVE-2024-52532: libsoup,libsoup2: libsoup: infinite loop while reading websocket data</issue> <issue tracker="bnc" id="1233285">VUL-0: CVE-2024-52530: libsoup,libsoup2: HTTP request smuggling via stripping null bytes from the ends of header names</issue> <packager>mgorse</packager> <rating>important</rating> <category>security</category> <summary>Security update for libsoup</summary> <description>This update for libsoup fixes the following issues: - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285) - CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292) - CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287) Other fixes: - websocket-test: disconnect error copy after the test ends (glgo#GNOME/libsoup#391). - fix an intermittent test failure (glgo#GNOME/soup#399). - updated to version 2.68.4. </description> </patchinfo>
