Bug 2342288
Summary: | CVE-2024-52531 libsoup: buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict [fedora-all] | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | libsoup | Assignee: | Gwyn Ciesla <gwync> |
Status: | NEW --- | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 41 | CC: | danw, gnome-sig, mclasen, mcrha, rhughes, rstrode, tpopela |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | {"flaws": ["48f6e415-a4c1-4f2f-b830-018bd3585b83"]} | ||
Fixed In Version: | | Doc Type: | No Doc Update |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 2325277 |
Description
Guilherme de Almeida Suckevicz
2025-01-27 16:27:47 UTC
This might be an upstream change: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407 but it is for the libsoup3. The libsoup(2), aka the 2.74.x branch there: https://gitlab.gnome.org/GNOME/libsoup/-/commits/libsoup-2-74?ref_type=heads did not receive any changes for a long time. Either someone will backport the change, or I'd just skip the libsoup2, because it's kind of deprecated anyway. Just my personal opinion.

This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.