Opened 11 months ago

Closed 11 months ago

Last modified 9 months ago

#21314 closed enhancement (fixed)

libsoup3-3.6.5

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: high Milestone: 12.4
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Bruce Dubbs, 11 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 11 months ago

Changes in libsoup from 3.6.4 to 3.6.5:

  • session: Strip authentication credentials on cross-origin redirects
  • build: Use pkg-config instead of krb5-config for the gssapi dependency
  • http1: When using chunked encoding report an error in case of unexpected stream end
  • http2: When a message has no content still respect its Content-Type
  • http2: Revert manual window size management temporarily, as it could stall
  • sniffer: Fix potential overflows
  • hsts: Fix minor leak
  • headers: Fix a few parsing edge cases that could be an out of bound read
  • connection: Avoid ever calling disconnect twice
  • auth-digest: Fix handling when a nonce isn't present
  • cookies: Limit max size of max-age, path, and domain attributes to 1024 bytes
  • cookies: Limit max size of name and value to 4096 bytes
  • docs: Remove references to old libsoup domain

comment:3 by Bruce Dubbs, 11 months ago

Resolution: fixed
Status: assignedclosed

Fixed at commits 

aa5ce0ed6a Update to libusb-1.0.28.
1b43bce9c1 Update to libarchive-3.7.8 (Security update).
384d2050f6 Update to libidn-1.43.
48773d0cd9 Update to libsoup-3.6.5.

comment:4 by Douglas R. Reno, 9 months ago

Priority: normalhigh

Marked as elevated due to security fixes, see #21576 for issues already fixed in this release.

comment:5 by Douglas R. Reno, 9 months ago

SA-12.3-021 issued for libsoup3 issues that we have fixes for at this time.

Note: See TracTickets for help on using tickets.