UbuntuUpdates.org

Package "libsoup3"

Name: libsoup3

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GObject introspection data for the libsoup HTTP library
  • HTTP library implementation in C -- Shared library
  • HTTP library implementation in C -- Common files
  • HTTP library implementation in C -- Development files
Latest version: 3.6.5-1ubuntu0.2
Release: plucky (25.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "libsoup3" in Plucky

Repository Area Version
base main 3.6.5-1
base universe 3.6.5-1
security universe 3.6.5-1ubuntu0.2
security main 3.6.5-1ubuntu0.2
updates universe 3.6.5-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.6.5-1ubuntu0.2 2025-07-17 18:07:17 UTC

  libsoup3 (3.6.5-1ubuntu0.2) plucky-security; urgency=medium

  * SECURITY UPDATE: Denial of service.
    - debian/patches/CVE-2025-32907-*.patch: Add i-- in
      libsoup/soup-message-headers.c. Add B_SANITIZE_OPTION to meson.build.
    - debian/patches/CVE-2025-4948.patch: Add ternary end - 2 - split check in
      libsoup/soup-multipart.c.
    - CVE-2025-32907
    - CVE-2025-4948
  * SECURITY UPDATE: Out of bounds read.
    - debian/patches/CVE-2025-32914.patch: Replace strstr operation with
      g_strstr_len in ./libsoup/soup-multipart.c.
    - debian/patches/CVE-2025-4969.patch: Add extra if checks for start of line
      in libsoup/soup-multipart.c.
    - CVE-2025-32914
    - CVE-2025-4969
  * SECURITY UPDATE: Improper validation of cookie expiration.
    - debian/patches/CVE-2025-4945-*.patch: Add extra date checks in
      libsoup/soup-date-utils.c.
    - CVE-2025-4945

 -- Hlib Korzhynskyy <email address hidden> Wed, 09 Jul 2025 17:13:07 -0230
Source diff to previous version
CVE-2025-32907 A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious c
CVE-2025-4948 A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other application
CVE-2025-32914 A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a maliciou
CVE-2025-4969 A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. Th
CVE-2025-4945 A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises whe

Version: 3.6.5-1ubuntu0.1 2025-05-28 19:07:41 UTC

  libsoup3 (3.6.5-1ubuntu0.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Denial of service.
    - debian/patches/CVE-2025-32908-1.patch: Add NULL checks with returns for
      NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE in
      ./libsoup/server/http2/soup-server-message-io-http2.c.
    - debian/patches/CVE-2025-32908-2.patch: Improve NULL checks in
      ./libsoup/server/http2/soup-server-message-io-http2.c.
    - debian/patches/CVE-2025-4476.patch: Replace strcmp with g_strcmp0 in
      ./libsoup/auth/soup-auth-digest.c.
    - CVE-2025-32908
    - CVE-2025-4476

 -- Hlib Korzhynskyy <email address hidden> Thu, 22 May 2025 14:37:50 -0230
CVE-2025-32908 A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which m
CVE-2025-4476 A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a


About   -   Send Feedback to @ubuntu_updates