Overview

File _patchinfo of Package patchinfo.38609

<patchinfo incident="38609">
  <issue tracker="bnc" id="1241688">VUL-0: CVE-2025-46421: libsoup,libsoup2: libsoup: HTTP Authorization Header leak via an HTTP redirect</issue>
  <issue tracker="bnc" id="1240756">VUL-0: CVE-2025-32052: libsoup: Heap buffer overflow in sniff_unknown()</issue>
  <issue tracker="bnc" id="1240757">VUL-0: CVE-2025-32053: libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()</issue>
  <issue tracker="bnc" id="1240752">VUL-0: CVE-2025-32050: libsoup: Integer overflow in append_param_quoted</issue>
  <issue tracker="bnc" id="1241222">VUL-0: CVE-2025-32907: libsoup,libsoup2: excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request</issue>
  <issue tracker="bnc" id="1240750">VUL-0: CVE-2025-2784: libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content</issue>
  <issue tracker="bnc" id="1241686">VUL-0: CVE-2025-46420: libsoup,libsoup2: libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c</issue>
  <issue tracker="bnc" id="1241164">VUL-0: CVE-2025-32914: libsoup,libsoup2: out of bounds read  in `soup_multipart_new_from_message()`.</issue>
  <issue tracker="cve" id="2025-2784"/>
  <issue tracker="cve" id="2025-46420"/>
  <issue tracker="cve" id="2025-32053"/>
  <issue tracker="cve" id="2025-32052"/>
  <issue tracker="cve" id="2025-32907"/>
  <issue tracker="cve" id="2025-32914"/>
  <issue tracker="cve" id="2025-46421"/>
  <issue tracker="cve" id="2025-32050"/>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libsoup</summary>
  <description>This update for libsoup fixes the following issues:

 - CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750)
 - CVE-2025-32050: Fixed Integer overflow in append_param_quoted (bsc#1240752)
 - CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
 - CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757)
 - CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222)
 - CVE-2025-32914: Fixed out of bounds read  in `soup_multipart_new_from_message()` (bsc#1241164)
 - CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686)
 - CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places