File _patchinfo of Package patchinfo.38918

<patchinfo incident="38918">
  <issue tracker="cve" id="2025-32910"/>
  <issue tracker="cve" id="2025-4948"/>
  <issue tracker="cve" id="2025-32911"/>
  <issue tracker="cve" id="2025-32906"/>
  <issue tracker="cve" id="2025-32909"/>
  <issue tracker="cve" id="2025-32912"/>
  <issue tracker="cve" id="2025-4969"/>
  <issue tracker="cve" id="2025-32913"/>
  <issue tracker="bnc" id="1243423">VUL-0: CVE-2025-4969: libsoup,libsoup2: libsoup: off-by-one out-of-bounds read may lead to infoleak</issue>
  <issue tracker="bnc" id="1241226">VUL-0: CVE-2025-32909: libsoup,libsoup2: NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c</issue>
  <issue tracker="bnc" id="1241263">VUL-0: CVE-2025-32906: libsoup,libsoup2: Out of bounds reads in soup_headers_parse_request()</issue>
  <issue tracker="bnc" id="1243332">VUL-0: CVE-2025-4948: libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup</issue>
  <issue tracker="bnc" id="1241252">VUL-0: CVE-2025-32910: libsoup,libsoup2: null pointer deference on client when server omits the 'realm' parameter in an Unauthorized response with Digest authentication</issue>
  <issue tracker="bnc" id="1241238">VUL-0: CVE-2025-32911: libsoup,libsoup2: Double free on soup_message_headers_get_content_disposition() via "params".</issue>
  <issue tracker="bnc" id="1241162">VUL-0: CVE-2025-32913: libsoup,libsoup2: NULL pointer dereference in soup_message_headers_get_content_disposition</issue>
  <issue tracker="bnc" id="1241214">VUL-0: CVE-2025-32912: libsoup,libsoup2: NULL pointer dereference in SoupAuthDigest</issue>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libsoup2</summary>
  <description>This update for libsoup2 fixes the following issues:

- CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message() leading to denial of service (bsc#1243332) 
- CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak (bsc#1243423) 
- CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request() (bsc#1241263) 
- CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226) 
- CVE-2025-32910: Fixed null pointer deference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252) 
- CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via "params". (bsc#1241238) 
- CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214) 
- CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162) 
</description>
</patchinfo>