libsoup2.4 2.70.0-1ubuntu0.3 source package in Ubuntu
Changelog
libsoup2.4 (2.70.0-1ubuntu0.3) focal-security; urgency=medium
* SECURITY UPDATE: Out of bound read.
- debian/patches/CVE-2025-32906-*.patch: Add out of bound checks in
soup_headers_parse_request in ./libsoup/soup-headers.c.
- debian/patches/CVE-2025-32914.patch: Replace strstr operation with
g_strstr_len in ./libsoup/soup-multipart.c.
- CVE-2025-32906
- CVE-2025-32914
* SECURITY UPDATE: Null pointer dereference.
- debian/patches/CVE-2025-32909.patch: Add resource size check in
./libsoup/soup-content-sniffer.c.
- debian/patches/CVE-2025-32910-32912-*.patch: Add checks for missing realm
and nonce, and fix memory leak in ./libsoup/soup-auth-digest.c.
- debian/patches/CVE-2025-32912.patch: Add additional checks for nonce in
./libsoup/soup-auth-digest.c.
- CVE-2025-32909
- CVE-2025-32910
- CVE-2025-32912
* SECURITY UPDATE: Memory corruption.
- debian/patches/CVE-2025-32911-32913-*.patch: Add checks for empty
filename in ./libsoup/soup-message-headers.c.
- CVE-2025-32911
- CVE-2025-32913
* SECURITY UPDATE: Memory leak.
- debian/patches/CVE-2025-46420.patch: Free allocated strings during
iteration in ./libsoup/soup-headers.c.
- CVE-2025-46420
* SECURITY UPDATE: Information exposure through host impersonation.
- debian/patches/CVE-2025-46421.patch: Strip credentials on cross-origin
redirects in ./libsoup/soup-session.c.
- CVE-2025-46421
* debian/patches/Extend-test-cert-to-2049.patch: Extend expiration to 2049 of
a certificate used for build tests.
-- Hlib Korzhynskyy <email address hidden> Fri, 02 May 2025 16:54:30 -0230
Upload details
- Uploaded by:
- Hlib Korzhynskyy
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- devel
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libsoup2.4_2.70.0.orig.tar.xz | 1.4 MiB | 54b020f74aefa438918d8e53cff62e2b1e59efe2de53e06b19a4b07b1f4d5342 |
| libsoup2.4_2.70.0-1ubuntu0.3.debian.tar.xz | 35.2 KiB | 40fc2a23ce65fcbeb439c567322d2f8a55b4a522b4e151de11f906e2eafd6f16 |
| libsoup2.4_2.70.0-1ubuntu0.3.dsc | 3.3 KiB | 3a17bc2da73af158c73137b10e39fad21fbef928c3c5fc10d466fa12231860c5 |
Available diffs
Binary packages built by this source
- gir1.2-soup-2.4: GObject introspection data for the libsoup HTTP library
This package contains introspection data for the libsoup HTTP library.
.
libsoup uses the Glib main loop and is designed to work well with GTK+
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the GTK+ programming model (a synchronous operation mode is also
supported for those who want it).
.
It can be used by packages using the GIRepository format to generate
dynamic bindings.
- libsoup-gnome2.4-1: HTTP library implementation in C -- GNOME support library
It was originally part of a SOAP (Simple Object Access Protocol)
implementation called Soup, but the SOAP and non-SOAP parts have now been
split into separate packages.
.
libsoup uses the Glib main loop and is designed to work well with GTK+
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the GTK+ programming model (a synchronous operation mode is also
supported for those who want it).
.
The GNOME support library is used for features which are important to
GNOME apps, but which require GNOME-specific libraries that non-GNOME
apps may not want to add dependencies on.
.
Features:
* Both asynchronous (GMainLoop and callback-based) and synchronous APIs
* Automatically caches connections
* SSL Support using GnuTLS
* Proxy support, including authentication and SSL tunneling
* Client support for Digest, NTLM, and Basic authentication
* Server support for Digest and Basic authentication
* Basic client-side SOAP and XML-RPC support
.
This package contains the GNOME support shared library.
- libsoup-gnome2.4-1-dbgsym: debug symbols for libsoup-gnome2.4-1
- libsoup-gnome2.4-dev: HTTP library implementation in C -- GNOME support development files
It was originally part of a SOAP (Simple Object Access Protocol)
implementation called Soup, but the SOAP and non-SOAP parts have now been
split into separate packages.
.
libsoup uses the Glib main loop and is designed to work well with GTK+
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).
.
The GNOME support library is used for features which are important to
GNOME apps, but which require GNOME-specific libraries that non-GNOME
apps may not want to add dependencies on.
.
Features:
* Both asynchronous (GMainLoop and callback-based) and synchronous APIs
* Automatically caches connections
* SSL Support using GnuTLS
* Proxy support, including authentication and SSL tunneling
* Client support for Digest, NTLM, and Basic authentication
* Server support for Digest and Basic authentication
* Basic client-side SOAP and XML-RPC support
.
This package contains the development files for the GNOME support.
- libsoup2.4-1: HTTP library implementation in C -- Shared library
It was originally part of a SOAP (Simple Object Access Protocol)
implementation called Soup, but the SOAP and non-SOAP parts have now been
split into separate packages.
.
libsoup uses the Glib main loop and is designed to work well with GTK+
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the GTK+ programming model (a synchronous operation mode is also
supported for those who want it).
.
Features:
* Both asynchronous (GMainLoop and callback-based) and synchronous APIs
* Automatically caches connections
* SSL Support using GnuTLS
* Proxy support, including authentication and SSL tunneling
* Client support for Digest, NTLM, and Basic authentication
* Server support for Digest and Basic authentication
* Basic client-side SOAP and XML-RPC support
.
This package contains the shared library.
- libsoup2.4-1-dbgsym: debug symbols for libsoup2.4-1
- libsoup2.4-dev: HTTP library implementation in C -- Development files
It was originally part of a SOAP (Simple Object Access Protocol)
implementation called Soup, but the SOAP and non-SOAP parts have now been
split into separate packages.
.
libsoup uses the Glib main loop and is designed to work well with GTK+
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the GTK+ programming model (a synchronous operation mode is also
supported for those who want it).
.
Features:
* Both asynchronous (GMainLoop and callback-based) and synchronous APIs
* Automatically caches connections
* SSL Support using GnuTLS
* Proxy support, including authentication and SSL tunneling
* Client support for Digest, NTLM, and Basic authentication
* Server support for Digest and Basic authentication
* Basic client-side SOAP and XML-RPC support
.
This package contains the development files.
- libsoup2.4-doc: HTTP library implementation in C -- API Reference
It was originally part of a SOAP (Simple Object Access Protocol)
implementation called Soup, but the SOAP and non-SOAP parts have now been
split into separate packages.
.
libsoup uses the Glib main loop and is designed to work well with GTK+
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the GTK+ programming model (a synchronous operation mode is also
supported for those who want it).
.
Features:
* Both asynchronous (GMainLoop and callback-based) and synchronous APIs
* Automatically caches connections
* SSL Support using GnuTLS
* Proxy support, including authentication and SSL tunneling
* Client support for Digest, NTLM, and Basic authentication
* Server support for Digest and Basic authentication
* Basic client-side SOAP and XML-RPC support
.
This package contains the documentation.
- libsoup2.4-tests: HTTP library implementation in C -- installed tests
libsoup uses the Glib main loop and is designed to work well with GTK+
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the GTK+ programming model (a synchronous operation mode is also
supported for those who want it).
.
This package contains automated tests, mostly for use via autopkgtest.
They can most easily be invoked via the gnome-desktop-testing- runner
tool in the gnome-desktop-testing package.
- libsoup2.4-tests-dbgsym: debug symbols for libsoup2.4-tests
