author | Changqing Li <changqing.li@windriver.com> | 2024-11-28 12:56:03 +0800 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2024-12-06 05:50:25 -0800 |
commit | 51dbc1008484720545db91016bfed12447b1b4f0 (patch) | |
tree | 17a36959b312991ca8dd18bbb303a57002418c3f /scripts/lib/checklayer/case.py | |
parent | c7d5e09c1011118cecb6494a5782ee1ab0bae3d9 (diff) | |
download | poky-51dbc1008484720545db91016bfed12447b1b4f0.tar.gz |
libsoup: fix CVE-2024-52530, CVE-2024-52531

CVE-2024-52531:
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that
perform conversion to UTF-8 in soup_header_parse_param_list_strict.
Input received over the network cannot trigger this.

Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52531

CVE-2024-52530:
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some
configurations because '\0' characters at the end of header names are
ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the
same as a "Transfer-Encoding: chunked" header.

Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52530

(From OE-Core rev: 0af9ac076cdbab70f526520acbbb0c38d237c407)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/lib/checklayer/case.py')
0 files changed, 0 insertions, 0 deletions
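
The header-name behaviour described for CVE-2024-52530, as an added C example that is not libsoup's code and not part of this commit: a C-string comparison that stops at the NUL, beside a length-aware check that rejects any name byte outside the RFC 9110 token set. All function names and both sample lines are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names, not libsoup APIs. Constructed sample lines below. */
static const char SMUGGLED[] = "Transfer-Encoding\0: chunked";
static const char NORMAL[]   = "Transfer-Encoding: chunked";

/* RFC 9110 "tchar": the only bytes allowed in a header field name. */
static bool is_tchar(unsigned char c) {
    return isalnum(c) || (c != '\0' && strchr("!#$%&'*+-.^_`|~", c) != NULL);
}

/* ASCII case-insensitive comparison of the first n bytes. */
static bool ieq(const char *a, const char *b, size_t n) {
    while (n && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; n--; }
    return n == 0;
}

/* Name length (bytes before the first ':'), or 0 when there is no colon,
 * the name is empty, or it holds a non-tchar byte such as NUL. */
static size_t valid_name_len(const char *line, size_t line_len) {
    const char *colon = memchr(line, ':', line_len);
    size_t n = colon ? (size_t)(colon - line) : 0;
    for (size_t i = 0; i < n; i++)
        if (!is_tchar((unsigned char)line[i])) return 0;
    return n;
}

/* Lenient: C-string view of a NUL-terminated line; the name ends at the
 * first NUL or ':', so bytes between that NUL and the colon are ignored. */
static bool lenient_name_is(const char *line, const char *want) {
    size_t w = strlen(want);
    return ieq(line, want, w) && (line[w] == '\0' || line[w] == ':');
}

/* Strict: length-aware; every byte before the colon must be a tchar. */
static bool strict_name_is(const char *line, size_t line_len, const char *want) {
    size_t n = valid_name_len(line, line_len);
    return n != 0 && n == strlen(want) && ieq(line, want, n);
}

int main(void) {
    printf("lenient=%d strict=%d\n", lenient_name_is(SMUGGLED, "Transfer-Encoding"),
           strict_name_is(SMUGGLED, sizeof SMUGGLED - 1, "Transfer-Encoding"));
    return 0;
}
```

A parser that uses the strict form should reject the whole message when `valid_name_len` returns 0, rather than dropping the one header and continuing.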