From ${URL} : PSA: Please update libsoup with the patch from https://bugzilla.gnome.org/show_bug.cgi?id=785774 or take one of the new releases 2.59.90.1, 2.58.2 (gnome-3-24), or 2.56.1 (gnome-3-22). The patch fixes a severe bug which affects libsoup acting as either client or server when dealing with chunked encoding. All versions since 2012 are affected. Credits go to Aleksandar Nikolic of Cisco Talos for finding this issue. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Hello security, just pushed 2.56.1 it the tree. It is ready for stabilization as it appears to contain no other change to the already stable 2.56.0.
ia64 stable
arm stable
amd64 stable
x86 stable
Stable on alpha.
sparc was dropped to exp. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9
Since bug 630516 is no regression and 2.56.1 has far less failing tests on sparc than the currently stable 2.56.0 I would suggest marking 2.56.1 stable on sparc.
stable for hppa/sparc (thanks to Rolf Eike Beer)
ppc64 stable
ppc stable Last arch is done here.
Test failures don't block sec bugs.
New GLSA Request filed. @Maintainers please remove vulnerable versions. Gentoo Security Padawan ChrisADR
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3eef0539cac8c5876d9f409e33f095de38ce18c commit a3eef0539cac8c5876d9f409e33f095de38ce18c Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2017-09-26 09:39:07 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2017-09-26 09:40:30 +0000 net-libs/libsoup: security cleanup Bug: https://bugs.gentoo.org/627466 Package-Manager: Portage-2.3.8, Repoman-2.3.2 net-libs/libsoup/Manifest | 1 - net-libs/libsoup/libsoup-2.56.0.ebuild | 88 ---------------------------------- 2 files changed, 89 deletions(-)}
This issue was resolved and addressed in GLSA 201709-26 at https://security.gentoo.org/glsa/201709-26 by GLSA coordinator Aaron Bauman (b-man).
