libsoup2.4 2.74.2-3ubuntu0.3 source package in Ubuntu

Changelog

libsoup2.4 (2.74.2-3ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Out of bound read.
    - debian/patches/CVE-2025-32906-*.patch: Add out of bound checks in
      soup_headers_parse_request in ./libsoup/soup-headers.c.
    - debian/patches/CVE-2025-32914.patch: Replace strstr operation with
      g_strstr_len in ./libsoup/soup-multipart.c.
    - CVE-2025-32906
    - CVE-2025-32914
  * SECURITY UPDATE: Null pointer dereference.
    - debian/patches/CVE-2025-32909.patch: Add resource size check in
      ./libsoup/soup-content-sniffer.c.
    - debian/patches/CVE-2025-32910-32912-*.patch: Add checks for missing realm
      and nonce, and fix memory leak in ./libsoup/soup-auth-digest.c.
    - debian/patches/CVE-2025-32912.patch: Add additional checks for nonce in
      ./libsoup/soup-auth-digest.c.
    - CVE-2025-32909
    - CVE-2025-32910
    - CVE-2025-32912
  * SECURITY UPDATE: Memory corruption.
    - debian/patches/CVE-2025-32911-32913-*.patch: Add checks for empty
      filename in ./libsoup/soup-message-headers.c.
    - CVE-2025-32911
    - CVE-2025-32913
  * SECURITY UPDATE: Memory leak.
    - debian/patches/CVE-2025-46420.patch: Free allocated strings during
      iteration in ./libsoup/soup-headers.c.
    - CVE-2025-46420
  * SECURITY UPDATE: Information exposure through host impersonation.
    - debian/patches/CVE-2025-46421.patch: Strip credentials on cross-origin
      redirects in ./libsoup/soup-session.c.
    - CVE-2025-46421
  * debian/patches/Extend-test-cert-to-2049.patch: Extend expiration to 2049 of
    a certificate used for build tests.

 -- Hlib Korzhynskyy <email address hidden>  Fri, 02 May 2025 16:43:03 -0230

Upload details

Uploaded by: Hlib Korzhynskyy
Uploaded to: Jammy
Original maintainer: Ubuntu Developers
Architectures: any all
Section: devel
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
libsoup2.4_2.74.2.orig.tar.xz 1.4 MiB f0a427656e5fe19e1df71c107e88dfa1b2e673c25c547b7823b6018b40d01159
libsoup2.4_2.74.2-3ubuntu0.3.debian.tar.xz 39.2 KiB 984c3ace006f4117816d136fb8863cb4231e15000d7e57ea41e38a3f408b3841
libsoup2.4_2.74.2-3ubuntu0.3.dsc 3.4 KiB a1f33819c8f1310aa8a8fab70d7479306a9b1499fb4d9e8d04fd9d08c8a54249

Binary packages built by this source

gir1.2-soup-2.4: GObject introspection data for the libsoup HTTP library

 This package contains introspection data for the libsoup HTTP library.
 .
 libsoup uses the Glib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 It can be used by packages using the GIRepository format to generate
 dynamic bindings.

libsoup-gnome2.4-1: HTTP library implementation in C -- GNOME support library

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 libsoup uses the Glib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 The GNOME support library is used for features which are important to
 GNOME apps, but which require GNOME-specific libraries that non-GNOME
 apps may not want to add dependencies on.
 .
 Features:
  * Both asynchronous (GMainLoop and callback-based) and synchronous APIs
  * Automatically caches connections
  * SSL Support using GnuTLS
  * Proxy support, including authentication and SSL tunneling
  * Client support for Digest, NTLM, and Basic authentication
  * Server support for Digest and Basic authentication
  * Basic client-side SOAP and XML-RPC support
 .
 This package contains the GNOME support shared library.

libsoup-gnome2.4-1-dbgsym: debug symbols for libsoup-gnome2.4-1
libsoup-gnome2.4-dev: HTTP library implementation in C -- GNOME support development files

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 libsoup uses the Glib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the Gtk+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 The GNOME support library is used for features which are important to
 GNOME apps, but which require GNOME-specific libraries that non-GNOME
 apps may not want to add dependencies on.
 .
 Features:
  * Both asynchronous (GMainLoop and callback-based) and synchronous APIs
  * Automatically caches connections
  * SSL Support using GnuTLS
  * Proxy support, including authentication and SSL tunneling
  * Client support for Digest, NTLM, and Basic authentication
  * Server support for Digest and Basic authentication
  * Basic client-side SOAP and XML-RPC support
 .
 This package contains the development files for the GNOME support.

libsoup2.4-1: HTTP library implementation in C -- Shared library

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 libsoup uses the Glib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 Features:
  * Both asynchronous (GMainLoop and callback-based) and synchronous APIs
  * Automatically caches connections
  * SSL Support using GnuTLS
  * Proxy support, including authentication and SSL tunneling
  * Client support for Digest, NTLM, and Basic authentication
  * Server support for Digest and Basic authentication
  * Basic client-side SOAP and XML-RPC support
 .
 This package contains the shared library.

libsoup2.4-1-dbgsym: debug symbols for libsoup2.4-1
libsoup2.4-common: HTTP library implementation in C -- Common files

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 This package contains architecture-independent files such as translations.

libsoup2.4-dev: HTTP library implementation in C -- Development files

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 libsoup uses the Glib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 Features:
  * Both asynchronous (GMainLoop and callback-based) and synchronous APIs
  * Automatically caches connections
  * SSL Support using GnuTLS
  * Proxy support, including authentication and SSL tunneling
  * Client support for Digest, NTLM, and Basic authentication
  * Server support for Digest and Basic authentication
  * Basic client-side SOAP and XML-RPC support
 .
 This package contains the development files.

libsoup2.4-doc: HTTP library implementation in C -- API Reference

 It was originally part of a SOAP (Simple Object Access Protocol)
 implementation called Soup, but the SOAP and non-SOAP parts have now been
 split into separate packages.
 .
 libsoup uses the Glib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 Features:
  * Both asynchronous (GMainLoop and callback-based) and synchronous APIs
  * Automatically caches connections
  * SSL Support using GnuTLS
  * Proxy support, including authentication and SSL tunneling
  * Client support for Digest, NTLM, and Basic authentication
  * Server support for Digest and Basic authentication
  * Basic client-side SOAP and XML-RPC support
 .
 This package contains the documentation.

libsoup2.4-tests: HTTP library implementation in C -- installed tests

 libsoup uses the Glib main loop and is designed to work well with GTK+
 applications. This enables GNOME applications to access HTTP servers
 on the network in a completely asynchronous fashion, very similar to
 the GTK+ programming model (a synchronous operation mode is also
 supported for those who want it).
 .
 This package contains automated tests, mostly for use via autopkgtest.
 They can most easily be invoked via the gnome-desktop-testing-runner
 tool in the gnome-desktop-testing package.

libsoup2.4-tests-dbgsym: debug symbols for libsoup2.4-tests