File _patchinfo of Package patchinfo.42859

<patchinfo incident="42859">
  <!--generated  with prepare-update from request 402087-->
  <issue tracker="bnc" id="1240751">VUL-0: CVE-2025-32049: libsoup: Denial of Service attack to websocket server</issue>
  <issue tracker="bnc" id="1258120">VUL-0: CVE-2026-2369: libsoup,libsoup2: Buffer overread due to integer underflow when handling zero-length resources</issue>
  <issue tracker="bnc" id="1258170">VUL-0: CVE-2026-2443: libsoup,libsoup2: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers</issue>
  <issue tracker="bnc" id="1258508">VUL-0: CVE-2026-2708: libsoup,libsoup2: HTTP request smuggling via duplicate Content-Length headers</issue>
  <issue tracker="cve" id="2025-32049"/>
  <issue tracker="cve" id="2026-2369"/>
  <issue tracker="cve" id="2026-2443"/>
  <issue tracker="cve" id="2026-2708"/>
  <category>security</category>
  <rating>important</rating>
  <packager>mgorse</packager>
  <summary>Security update for libsoup</summary>
  <description>This update for libsoup fixes the following issues:

- CVE-2025-32049: denial of Service attack to websocket server (bsc#1240751).
- CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120).
- CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information
  disclosure to remote attackers (bsc#1258170).
- CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508).
</description>
</patchinfo>