-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 03 Jul 2018 18:04:10 +0100 Source: libsoup2.4 Binary: libsoup2.4-dev libsoup2.4-1 libsoup-gnome2.4-1 libsoup-gnome2.4-dev libsoup2.4-doc gir1.2-soup-2.4 Architecture: source Version: 2.56.0-2+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Iain Lane <laney@debian.org> Description: gir1.2-soup-2.4 - GObject introspection data for the libsoup HTTP library libsoup-gnome2.4-1 - HTTP library implementation in C -- GNOME support library libsoup-gnome2.4-dev - HTTP library implementation in C -- GNOME support development fil libsoup2.4-1 - HTTP library implementation in C -- Shared library libsoup2.4-dev - HTTP library implementation in C -- Development files libsoup2.4-doc - HTTP library implementation in C -- API Reference Changes: libsoup2.4 (2.56.0-2+deb9u2) stretch-security; urgency=high . * Fix out of bounds access in the cookie jar (CVE-2018-12910) - debian/patches/0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch, debian/patches/0002-Add-soup_cookie_jar_get_cookies-with-empty-hostname-.patch: Cherry-pick two patches from upstream: the actual fix and a test for it. Checksums-Sha1: f2dcbae92d5b72a6118108cde4a3c9c0aa593121 2725 libsoup2.4_2.56.0-2+deb9u2.dsc 6796027d4cd5840a632c2b5fa2071a20c8bf8637 20520 libsoup2.4_2.56.0-2+deb9u2.debian.tar.xz 697c7def4c4ae1f0cf92df36dff4c40730087331 14929 libsoup2.4_2.56.0-2+deb9u2_source.buildinfo Checksums-Sha256: 3b533fd4d3c5f362edf745de8758706421f1faf8dcd3bb9e64deb1cc8def5b22 2725 libsoup2.4_2.56.0-2+deb9u2.dsc 070772b8fde95c2fa194187b19f4eba76bfabae2aa2e0d4d4a33d8bf8537a9c2 20520 libsoup2.4_2.56.0-2+deb9u2.debian.tar.xz a815e2b10b7fc4657bfa5885efef52c26c3262ddde5b6978d8d7f49a9568990c 14929 libsoup2.4_2.56.0-2+deb9u2_source.buildinfo Files: 842c72c7a71043687d9171f8ac9e1972 2725 devel optional libsoup2.4_2.56.0-2+deb9u2.dsc c4eef879ec40cb280b8e5ee8cee6cdd9 20520 devel optional libsoup2.4_2.56.0-2+deb9u2.debian.tar.xz 99c055075299e37985fcbd68b6bd9090 14929 devel optional libsoup2.4_2.56.0-2+deb9u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEPQ77lee1I38W6CJY41LVxRxQQdQFAls8iA4ACgkQ41LVxRxQ QdQoAw/8DeM/hSV5wHowzzk8QI5tRObzHOkpftfhfMEG8n3N+OzYH/iRluUg1DId cYLkj9wsOyeWYqJX4wJyb2UvN0Nt4eUwCfKHCcAGz2AC/Z9AOHL3Anlc1wdMb4UM RW9mh5QrO6fiepw7zoIun9cHeUMeMZMvQdXFjgsxero7Uh4ExCvLJoGU3Dw99UPZ Dl3qvNQ8N8wJ1h0JarX1Ul9OIhI6a1PqgTvMYFD99PjV0g206PEb1f2Z7s5pSor8 x/6Ry3v5vtfr0RuTmxLbeeqCob8nr/UTrwvHIbjekJQz1wAeboNzD7wQBgObvuvm VYrW4H4k2OzpjGbMYlru9HhqmJPzYbtRHN7muu2U0uEs45XVAEZJfeW22QRCDzYC aGa74AeCF8vTZJTteQhG0nymDnqoqEpDtjIJU5qGArHwAJg9BCPOZ3AzAKy3c3sw /ZwoN0CVCz5TMbMFmNsqxoNBQX6r9gxuC0DZkDid/Q+QaPUsWp7hUiz6euT+2jRW rgNJOM6kwYh0aDFZzKDPUJQWv6BOUNPqcDcQx3Ef6osavLzgmoqBqAstiHA12LXZ BSXBrWe7m7RCTQsuTMGwvjTDZFkvPSRd5jifz4v4jrRmtL5HB0ObhEYK2XQy/c/W SJPDl5XgM3JoK+5NberUPYL/X/U0yXz6ZU3HS3Q36uNVN49mUD0= =5U07 -----END PGP SIGNATURE-----