libsoup2.4 2.74.3-10.1 source package in Ubuntu

Changelog

libsoup2.4 (2.74.3-10.1) unstable; urgency=high

  * Non-maintainer upload.
  * CVE-2025-32906:
    soup_headers_parse_request() function may be vulnerable to an
    out-of-bound read. This flaw allows a malicious user to use a specially
    crafted HTTP request to crash the HTTP server (Closes: #1103521).
  * CVE-2025-32909:
    SoupContentSniffer may be vulnerable to a NULL pointer dereference in
    the sniff_mp4 function. The HTTP server may cause the libsoup client to
    crash (Closes: #1103517).
  * CVE-2025-32910:
    soup_auth_digest_authenticate() is vulnerable to a NULL pointer
    dereference. This issue may cause the libsoup client to crash
    (Closes: #1103516).
  * CVE-2025-32911:
    use-after-free memory issue not on the heap in the
    soup_message_headers_get_content_disposition() function. This flaw
    allows a malicious HTTP client to cause memory corruption in the libsoup
    server (Closes: #1103515).
  * CVE-2025-32913:
    the soup_message_headers_get_content_disposition() function is
    vulnerable to a NULL pointer dereference. This flaw allows a malicious
    HTTP peer to crash a libsoup client or server that uses this function.
    (same fix for both CVE-2025-32911 and CVE-2025-32913)
  * CVE-2025-32912:
    SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP
    server may cause the libsoup client to crash.
  * CVE-2025-32914:
    the soup_multipart_new_from_message() function is vulnerable to an
    out-of-bounds read. This flaw allows a malicious HTTP client to induce the
    libsoup server to read out of bounds (Closes: #1103512).
  * CVE-2025-46420:
    the soup_header_parse_quality_list() function is vulnerable to memory
    leaks when parsing a quality list that contains elements with all zeroes
    (Closes: #1104055).

 -- Sean Whitton <email address hidden>  Sat, 03 May 2025 17:11:55 +0800

Upload details

Uploaded by: Debian GNOME Maintainers
Uploaded to: Sid
Original maintainer: Debian GNOME Maintainers
Architectures: any all
Section: oldlibs
Urgency: Very Urgent

Downloads

File Size SHA-256 Checksum
libsoup2.4_2.74.3-10.1.dsc 3.4 KiB 63037e6fdeb35c467c0cb53965e2993cbbb726a144895d67e195cb82246da916
libsoup2.4_2.74.3.orig.tar.xz 1.4 MiB e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13
libsoup2.4_2.74.3-10.1.debian.tar.xz 40.5 KiB 9da0db7d0eb8cd6d1ea5f52d512dd1c449b8d25877e12329992ec85e6916f3c2

Available diffs

No changes file available.

Binary packages built by this source

gir1.2-soup-2.4: GObject introspection data for the libsoup HTTP library

 This package contains introspection data for the libsoup HTTP library.
 .
 libsoup uses the GLib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 It can be used by packages using the GIRepository format to generate
 dynamic bindings.

libsoup-2.4-1: HTTP library implementation in C -- Shared library

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 libsoup uses the GLib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 Features:
  * Both asynchronous (GMainLoop and callback-based) and synchronous APIs
  * Automatically caches connections
  * SSL Support using GnuTLS
  * Proxy support, including authentication and SSL tunneling
  * Client support for Digest, NTLM, and Basic authentication
  * Server support for Digest and Basic authentication
  * Basic client-side SOAP and XML-RPC support
 .
 This package contains the shared library.

libsoup-2.4-1-dbgsym: debug symbols for libsoup-2.4-1

libsoup-gnome-2.4-1: HTTP library implementation in C -- GNOME support library

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 libsoup uses the GLib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 The GNOME support library is used for features which are important to
 GNOME apps, but which require GNOME-specific libraries that non-GNOME
 apps may not want to add dependencies on.
 .
 Features:
  * Both asynchronous (GMainLoop and callback-based) and synchronous APIs
  * Automatically caches connections
  * SSL Support using GnuTLS
  * Proxy support, including authentication and SSL tunneling
  * Client support for Digest, NTLM, and Basic authentication
  * Server support for Digest and Basic authentication
  * Basic client-side SOAP and XML-RPC support
 .
 This package contains the GNOME support shared library.

libsoup-gnome-2.4-1-dbgsym: debug symbols for libsoup-gnome-2.4-1

libsoup-gnome2.4-dev: HTTP library implementation in C -- GNOME support development files

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 libsoup uses the GLib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 The GNOME support library is used for features which are important to
 GNOME apps, but which require GNOME-specific libraries that non-GNOME
 apps may not want to add dependencies on.
 .
 Features:
  * Both asynchronous (GMainLoop and callback-based) and synchronous APIs
  * Automatically caches connections
  * SSL Support using GnuTLS
  * Proxy support, including authentication and SSL tunneling
  * Client support for Digest, NTLM, and Basic authentication
  * Server support for Digest and Basic authentication
  * Basic client-side SOAP and XML-RPC support
 .
 This package contains the development files for the GNOME support.

libsoup2.4-common: HTTP library implementation in C -- Common files

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 This package contains architecture-independent files such as translations.

libsoup2.4-dev: HTTP library implementation in C -- Development files

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 libsoup uses the GLib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 Features:
  * Both asynchronous (GMainLoop and callback-based) and synchronous APIs
  * Automatically caches connections
  * SSL Support using GnuTLS
  * Proxy support, including authentication and SSL tunneling
  * Client support for Digest, NTLM, and Basic authentication
  * Server support for Digest and Basic authentication
  * Basic client-side SOAP and XML-RPC support
 .
 This package contains the development files.

libsoup2.4-doc: HTTP library implementation in C -- API Reference

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 libsoup uses the GLib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 Features:
  * Both asynchronous (GMainLoop and callback-based) and synchronous APIs
  * Automatically caches connections
  * SSL Support using GnuTLS
  * Proxy support, including authentication and SSL tunneling
  * Client support for Digest, NTLM, and Basic authentication
  * Server support for Digest and Basic authentication
  * Basic client-side SOAP and XML-RPC support
 .
 This package contains the documentation.

libsoup2.4-tests: HTTP library implementation in C -- installed tests

 libsoup uses the GLib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 This package contains automated tests, mostly for use via autopkgtest.
 They can most easily be invoked via the gnome-desktop-testing-runner
 tool in the gnome-desktop-testing package.

libsoup2.4-tests-dbgsym: debug symbols for libsoup2.4-tests