[SECURITY] [DLA 1416-1] libsoup2.4 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1416-1] libsoup2.4 security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Fri, 6 Jul 2018 13:03:35 +0200
Message-id: <[🔎] 40dfaf45-1c9f-f98b-24a1-ed59cd601ce6@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libsoup2.4
Version        : 2.48.0-1+deb8u2
CVE ID         : CVE-2018-12910

It was discovered that the Soup HTTP library performed insuffient
validation of cookie requests which could result in an out-of-bounds
memory read.

For Debian 8 "Jessie", these problems have been fixed in version
2.48.0-1+deb8u2.

We recommend that you upgrade your libsoup2.4 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAls/TIcACgkQnUbEiOQ2
gwL1Dg/+Japis3e0eyOaemNumuAcM+Vg0oPS7xbidk5oEC96C37qZRrysnyCfZDm
i15UUYjYslH1tkNMZHGAMpLkRQTs412/XMBaUHgUr70z7gxt+q5ru5kWYdb0cvpK
P1XoPgSd9KANvJVLoj9SxoDzz6E2Z6oXf6MYk8QFKdEcOHDSPqz0Lr9oSre+TBUd
6nzogkeKSS/5WlVX8ThosU6YViGAt6WXD016/dNLFyQRfSSSMW+Fqpn5oLx5qeDg
KSO60jrvIfjZMjNzN4TA0N/eB8dRw3PBptXfsCJnaWAMfk3fwtdSrGZjrklaJd2m
8CQ+NZjii60XAn+a1EaMUWu7oSmFKvY70r0KGojibrAWKU5lXQNfUkzzGYewJqk+
/b+x7j2UCJ9EQUSbMj/iBfG7duPBjJ+R2duFty/gleNuM36C3O1WyQGMRif0WBWf
1It1ZcOzxIc3nafKZ2oDAFh+jsIYOwyzhbDrKCcg7UqK07qzN1BTZ06DkwPKt/zp
Z7I4DC+QOOqUyhMhXIk27PZ2iHfavC3umcoPTAcv0mKmra9EaVZdl5KRVRfvuDrl
mgH+4tT2h8ee4X888E/ookahC6ZaHWEns2++w+Adwvktf1QdDGRSn3Gl5wWu3M6Q
+ZnnbR7GPw3sbt1O3W02aS1IEhLBI/y3W1IGpkMG4IDSPJ5Hy8A=
=4pZJ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1415-1] phpmyadmin security update
Next by Date: [SECURITY] [DLA-1417-1] ca-certificates security update
Previous by thread: [SECURITY] [DLA 1415-1] phpmyadmin security update
Next by thread: [SECURITY] [DLA-1417-1] ca-certificates security update
Index(es):
- Date
- Thread