More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2325277 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
This is fixed by an upstream change: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407 At least according to the comments there. It's part of the 3.6.1 release, which is in rawhide since 2024-11-25. The f41 was not updated with it. I suggest to update f41 with the latest 3.6.x release. Nieves, would you mind to update the package in Fedora 41, please? Or I can do it, in case you are busy with something else.
I'll update f41.
FEDORA-2025-42ee7772e3 (libsoup3-3.6.4-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2025-42ee7772e3
Thank you, Gwyn. The f40 is at 3.4.5, thus there might be only done a patch set backport, if feasible.
FEDORA-2025-42ee7772e3 has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-42ee7772e3` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-42ee7772e3 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-42ee7772e3 (libsoup3-3.6.4-1.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.