Source: libsoup2.4
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for libsoup2.4.

CVE-2024-52530[0]:
| GNOME libsoup before 3.6.0 allows HTTP request smuggling in some
| configurations because '\0' characters at the end of header names
| are ignored, i.e., a "Transfer-Encoding\0: chunked" header is
| treated the same as a "Transfer-Encoding: chunked" header.

https://gitlab.gnome.org/GNOME/libsoup/-/issues/377
Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b (3.5.2)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-52530
    https://www.cve.org/CVERecord?id=CVE-2024-52530

Please adjust the affected versions in the BTS as needed.
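An added illustration, not part of the original report and not libsoup's code or its fix: a model of the failure class the CVE text describes, where a field name is handled as a C string and a trailing '\0' disappears, next to a length-aware check that rejects it. The function names and the sample bytes are constructed for this example; the allowed character set is the RFC 9110 token grammar.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a field name as read off the wire, with a trailing NUL byte. */
static const char SAMPLE_NUL[] = "Transfer-Encoding\0";
#define SAMPLE_NUL_LEN (sizeof SAMPLE_NUL - 1)   /* 18 bytes, NUL included */

/* ASCII case-insensitive comparison of exactly n bytes. */
static bool ieq_n(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return false;
    return true;
}

/* Flawed model: ignores the wire length and trusts strlen(), so bytes from the first NUL on vanish. */
bool lenient_name_equals(const char *name, size_t wire_len, const char *want) {
    (void)wire_len;
    size_t seen = strlen(name);
    return seen == strlen(want) && ieq_n(name, want, seen);
}

/* RFC 9110 tchar: the only bytes allowed in a field name (isalnum is ASCII-only in the default C locale). */
static bool is_tchar(unsigned char c) {
    return isalnum(c) || (c != '\0' && strchr("!#$%&'*+-.^_`|~", c) != NULL);
}

/* Strict check: the name is non-empty and every one of the wire_len bytes is a tchar. */
bool header_name_is_valid(const char *name, size_t wire_len) {
    if (wire_len == 0) return false;
    for (size_t i = 0; i < wire_len; i++)
        if (!is_tchar((unsigned char)name[i])) return false;
    return true;
}

/* Hardened comparison: validate over the full wire length before matching. */
bool strict_name_equals(const char *name, size_t wire_len, const char *want) {
    return header_name_is_valid(name, wire_len) && wire_len == strlen(want)
        && ieq_n(name, want, wire_len);
}

int main(void) {
    printf("lenient match: %d\n", lenient_name_equals(SAMPLE_NUL, SAMPLE_NUL_LEN, "Transfer-Encoding"));
    printf("strict valid:  %d\n", header_name_is_valid(SAMPLE_NUL, SAMPLE_NUL_LEN));
    return 0;
}
```

A message whose field name fails the strict check is best rejected outright rather than normalised, so that every hop in the chain sees the same framing headers.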

