File _patchinfo of Package patchinfo.36710

<patchinfo incident="36710">
  <issue tracker="bnc" id="1233292">VUL-0: CVE-2024-52531: libsoup,libsoup2: libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict</issue>
  <issue tracker="bnc" id="1233285">VUL-0: CVE-2024-52530: libsoup,libsoup2: HTTP request smuggling via stripping null bytes from the ends of header names</issue>
  <issue tracker="bnc" id="1233287">VUL-0: CVE-2024-52532: libsoup,libsoup2: libsoup: infinite loop while reading websocket data</issue>
  <issue tracker="cve" id="2024-52530"/>
  <issue tracker="cve" id="2024-52532"/>
  <issue tracker="cve" id="2024-52531"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libsoup</summary>
  <description>This update for libsoup fixes the following issues:

- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)

Other fixes:

- websocket-test: disconnect error copy after
  the test ends (glgo#GNOME/libsoup#391).
- fix an intermittent test failure
  (glgo#GNOME/soup#399).
- Increase test timeout on s390x. The http2-body-stream test can be
  slow and sometimes times out in our builds.
</description>
</patchinfo>