Overview

File _patchinfo of Package patchinfo.42589

<patchinfo incident="42589">
  <issue tracker="cve" id="2026-1761"/>
  <issue tracker="cve" id="2026-1536"/>
  <issue tracker="bnc" id="1257440">VUL-0: CVE-2026-1536: libsoup,libsoup2: HTTP header injection or response splitting via CRLF injection in the Content-Disposition header</issue>
  <issue tracker="bnc" id="1257598">VUL-0: CVE-2026-1761: libsoup,libsoup2: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer overflow</issue>
  <packager>JonathanKang</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libsoup</summary>
  <description>This update for libsoup fixes the following issues:

- CVE-2026-1536: Always validate the headers value when coming from untrusted source to avoid HTTP header injection. (bsc#1257440)
- CVE-2026-1761: Check length of bytes read in soup_filter_input_stream_read_until to avoid a stack-based buffer overflow. (bsc#1257598)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places