More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2325277 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
This might be an upstream change: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407 but it is for the libsoup3. The libsoup(2), aka the 2.74.x branch there: https://gitlab.gnome.org/GNOME/libsoup/-/commits/libsoup-2-74?ref_type=heads did not receive any changes for a long time. Either someone will backport the change, or I'd just skip the libsoup2, because it's kind of deprecated anyway. Just my personal opinion.
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.