-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 13 Nov 2024 14:50:50 +0000 Source: libsoup3 Architecture: source Version: 3.6.0-4 Distribution: unstable Urgency: medium Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Closes: 1087416 1087417 Changes: libsoup3 (3.6.0-4) unstable; urgency=medium . * d/patches: Add bug fixes from upstream - d/p/server-Add-note-about-recommended-usage.patch: Document the level of security support for the server side. Upstream has clarified the documentation to state that SoupServer is not intended to be exposed to untrusted clients. (Related to CVE-2024-52531, CVE-2024-52532) - d/p/headers-Be-more-robust-against-invalid-input-when-parsing.patch: Fix a buffer overrun if asked to parse non-UTF-8 headers. It is believed that this cannot happen on the client side, but it can happen in SoupServer. (CVE-2024-52531, Closes: #1087417) - d/p/tests-Add-test-for-passing-invalid-UTF-8-to-soup_header_p.patch: Add a test-case for the above - d/p/websocket-process-the-frame-as-soon-as-we-read-data.patch: Avoid an infinite loop in WebSocket processing (CVE-2024-52532, Closes: #1087416) - d/p/websocket-test-disconnect-error-copy-after-the-test-ends.patch: Fix a test failure after resolving CVE-2024-52532 * d/p/websocket-test-Disconnect-error-signal-in-another-place.patch: Add proposed patch to fix another intermittent test failure after resolving CVE-2024-52532 * d/control: libsoup-3.0-tests Depends on ca-certificates. Related to #1054962, #1064744 * d/libsoup-3.0-doc.links: Register reference manual with devhelp * d/libsoup-3.0-doc.links: Create symlinks in /usr/share/doc/libsoup-3.0-{dev,doc} to make the HTML documentation more discoverable Checksums-Sha1: 983fb07db011f040f8352a68d4d8bba15ccdad0c 3182 libsoup3_3.6.0-4.dsc 41d91de795d00820bec5082948a6a171d1463b0a 30184 libsoup3_3.6.0-4.debian.tar.xz 0029242b9eb25368fbe0909ecfc1b0ff3c5201c2 12270 libsoup3_3.6.0-4_source.buildinfo Checksums-Sha256: 72fa03b067e1df24d303b8a83f22a78fa6ad491de28207c1b7f4e2c26bc08b26 3182 libsoup3_3.6.0-4.dsc 5baf44106ebeab018a67fde3042fd46cf4b3e0a050b2b2697f396e131168ca78 30184 libsoup3_3.6.0-4.debian.tar.xz e641587ae1006bfbbf7fd4c02d4be9eb81cd72830af9ff5bfd607e50a659a24d 12270 libsoup3_3.6.0-4_source.buildinfo Files: ba5a3149ca20e403a3fa57813d90c330 3182 devel optional libsoup3_3.6.0-4.dsc 443ccef129d5f00cbad4177c6864fa2d 30184 devel optional libsoup3_3.6.0-4.debian.tar.xz 9572d092b5b0c7e10e56db2efe51598f 12270 devel optional libsoup3_3.6.0-4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEegc60a5pT6Jb/2LlI1wJnT6zMHYFAmc1ESUACgkQI1wJnT6z MHYuvg//Q9eV9Badpw4XG0JhtSBhVsxs30Fq33JnCBRaNLK4W4hu9lskX5Sb/TG1 lBI0SaUyBw1+/7tqRxAjukq1niclBHoA/FVlkHMIT/TVtT2HJFY5PDvbRQzVDXT+ TGQZvpsDIdmPgaYlkKMFccnmlxkKG4aRFCWZ27NpVv4Eg9qT9rjqz16u8IX/ElsV Tv4e/Dp4DunpN9MvTPqt3C/yW0vueZU2ePExzx//uvK2NSDMkJFyfzXkog/BgI2K FVawH4+Mcr3CKIEV2ij2qmrbWKID8VEEcjznrdZHvbh8IEBZk78dRt+bqxY5bFF9 MiBa9sBEFFTBTdRSMBxYFwK9EvtRo7MutZO1UylRlUmRnbbkseUXzfnhxpMKV3Vf qDbxG9RyqZk+gQnLtnWdIJACc2/rutAtPSVFJoMZdK3rptne5dMSY3FiULZ/8JgK WViptyKfptJo68jWTxdXI8hkKSFIk+ognbvtfzHardMVIC7bznYYpmO3Rw/hI2jZ 8MRLfHN3CwjRc6HytW9v3XdiyvhQG9AgVyPXjsosqN2SYsxKRbaqM7xPeXQctmxd I8ZDH9O+72jfEW6wZ/0u/yQE0EUdY52jYnrPProIH23z3wYUyUPBCBpWSlicyyWM q1p/8BNsRQnZK7AmB1+JV8ZGkPmI/oChfkJGCvJ5fpzt2eHvass= =rQ+K -----END PGP SIGNATURE-----
