Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
67b0ee55 by Salvatore Bonaccorso at 2026-02-04T05:51:10+01:00
Track fixed version for some libsoup3 issues
- - - - -
9b4f319f by Salvatore Bonaccorso at 2026-02-04T05:53:49+01:00
Track fixed version for CVE-2026-0716/libsoup3 via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-1801
- - libsoup3 <unfixed>
+ - libsoup3 3.6.5-8
- libsoup2.4 <removed>
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/481
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/506
@@ -686,7 +686,7 @@ CVE-2026-20401 (In Modem, there is a possible system crash
due to an uncaught ex
CVE-2026-1770 (Improper Control of Dynamically-Managed Code Resources
vulnerability i ...)
NOT-FOR-US: Crafter CMS
CVE-2026-1761 (A flaw was found in libsoup. This stack-based buffer overflow
vulnerab ...)
- - libsoup3 <unfixed> (bug #1126877)
+ - libsoup3 3.6.5-8 (bug #1126877)
[trixie] - libsoup3 <no-dsa> (Minor issue)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <removed>
@@ -695,7 +695,7 @@ CVE-2026-1761 (A flaw was found in libsoup. This
stack-based buffer overflow vul
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/493
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/cfa9d90d1a5c274233554a264c56551c13d6a6f0
CVE-2026-1760 (A flaw was found in SoupServer. This HTTP request smuggling
vulnerabil ...)
- - libsoup3 <unfixed> (bug #1126876)
+ - libsoup3 3.6.5-8 (bug #1126876)
[trixie] - libsoup3 <no-dsa> (Minor issue)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <removed>
@@ -1741,12 +1741,12 @@ CVE-2026-22243 (EGroupware is a Web based groupware
server written in PHP. A SQL
CVE-2026-21865 (Discourse is an open source discussion platform. In versions
prior to ...)
NOT-FOR-US: Discourse
CVE-2026-1539 (A flaw was found in the libsoup HTTP library that can cause
proxy auth ...)
- - libsoup3 <unfixed> (bug #1126628)
+ - libsoup3 3.6.5-8 (bug #1126628)
- libsoup2.4 <removed>
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/489
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/98c1285d9d78662c38bf14b4a128af01ccfdb446
CVE-2026-1536 (A flaw was found in libsoup. An attacker who can control the
input for ...)
- - libsoup3 <unfixed> (bug #1126627)
+ - libsoup3 3.6.5-8 (bug #1126627)
- libsoup2.4 <removed>
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/486
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/5c1a2e9c06a834eb715f60265a877f5b882cc1b1
@@ -2427,7 +2427,7 @@ CVE-2026-1472 (An out-of-band SQL injection vulnerability
(OOB SQLi) has been de
CVE-2026-1470 (n8n contains a critical Remote Code Execution (RCE)
vulnerability in i ...)
NOT-FOR-US: n8n
CVE-2026-1467 (A flaw was found in libsoup, an HTTP client library. This
vulnerabilit ...)
- - libsoup3 <unfixed> (bug #1126548)
+ - libsoup3 3.6.5-8 (bug #1126548)
- libsoup2.4 <removed>
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/488
NOTE:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/167ef0c6817658c1a089c75c462482209e207db4
@@ -9547,7 +9547,7 @@ CVE-2025-13749 (The Clearfy Cache \u2013 WordPress
optimization plugin, Minify H
CVE-2025-13628 (The Tutor LMS \u2013 eLearning and online course solution
plugin for W ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0716 (A flaw was found in libsoup\u2019s WebSocket frame processing
when han ...)
- - libsoup3 <unfixed> (bug #1125156)
+ - libsoup3 3.6.5-9 (bug #1125156)
[trixie] - libsoup3 <no-dsa> (Minor issue)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8fda60d98555ac5f13e8c2ddb04c7f6a360e72aa...9b4f319fcfa817870e840d88caa1d1ce5c13c087
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8fda60d98555ac5f13e8c2ddb04c7f6a360e72aa...9b4f319fcfa817870e840d88caa1d1ce5c13c087
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
