This bug was fixed in the package libsoup2.4 - 2.74.3-6ubuntu1.4
---------------
libsoup2.4 (2.74.3-6ubuntu1.4) noble-security; urgency=medium
* SECURITY REGRESSION: Incomplete fix for CVE-2025-32912 (LP: #2110056)
- debian/patches/CVE-2025-32912-fix1.patch: Replace g_hash_table_contains
with g_hash_table_lookup in ./libsoup/soup-auth-digest.c.
- CVE-2025-32912
-- Hlib Korzhynskyy <hlib.korzhyns...@canonical.com> Tue, 06 May 2025
15:00:18 -0230
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libsoup2.4 in Ubuntu.
https://bugs.launchpad.net/bugs/2110056
Title:
Incomplete fix for CVE-2025-32912
Status in libsoup2.4 package in Ubuntu:
Fix Released
Bug description:
The fix for CVE-2025-32912 as part of USN-7490-1 is incomplete. The
following commit is missing from the updates:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/910ebdcd3dd82386717a201c13c834f3a63eed7f
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libsoup2.4/+bug/2110056/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
