Debian Bug report logs - #635837
CVE-2011-2524: SoupServer directory traversal

version graph

Package: libsoup2.4; Maintainer for libsoup2.4 is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>;

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 28 Jul 2011 22:27:07 UTC

Severity: grave

Tags: security

Found in versions 2.30.2-1, 2.4.1-2

Fixed in versions libsoup2.4/2.34.3-1, libsoup2.4/2.30.2-1+squeeze1, libsoup2.4/2.4.1-2+lenny1

Done: Nico Golde <nion@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#635837; Package libsoup2.4. (Thu, 28 Jul 2011 22:27:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Thu, 28 Jul 2011 22:27:10 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-2524: SoupServer directory traversal
Date: Fri, 29 Jul 2011 00:27:56 +0200
Package: libsoup2.4
Severity: grave
Tags: security

Please see the following references:
https://bugzilla.redhat.com/show_bug.cgi?id=720509
https://bugzilla.gnome.org/show_bug.cgi?id=653258
http://git.gnome.org/browse/libsoup/commit/?id=cbeeb7a0f7f0e8b16f2d382157496f9100218dea
http://git.gnome.org/browse/libsoup/commit/?h=gnome-3-0&id=51eb8798c3965b49f3010db82009d36429f28514

Cheers,
        Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Reply sent to Michael Biebl <biebl@debian.org>:
You have taken responsibility. (Fri, 29 Jul 2011 02:54:03 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Fri, 29 Jul 2011 02:54:16 GMT) Full text and rfc822 format available.

Message #10 received at 635837-close@bugs.debian.org (full text, mbox):

From: Michael Biebl <biebl@debian.org>
To: 635837-close@bugs.debian.org
Subject: Bug#635837: fixed in libsoup2.4 2.34.3-1
Date: Fri, 29 Jul 2011 02:50:51 +0000
Source: libsoup2.4
Source-Version: 2.34.3-1

We believe that the bug you reported is fixed in the latest version of
libsoup2.4, which is due to be installed in the Debian FTP archive:

gir1.2-soup-2.4_2.34.3-1_i386.deb
  to main/libs/libsoup2.4/gir1.2-soup-2.4_2.34.3-1_i386.deb
libsoup-gnome2.4-1_2.34.3-1_i386.deb
  to main/libs/libsoup2.4/libsoup-gnome2.4-1_2.34.3-1_i386.deb
libsoup-gnome2.4-dev_2.34.3-1_i386.deb
  to main/libs/libsoup2.4/libsoup-gnome2.4-dev_2.34.3-1_i386.deb
libsoup2.4-1_2.34.3-1_i386.deb
  to main/libs/libsoup2.4/libsoup2.4-1_2.34.3-1_i386.deb
libsoup2.4-dbg_2.34.3-1_i386.deb
  to main/libs/libsoup2.4/libsoup2.4-dbg_2.34.3-1_i386.deb
libsoup2.4-dev_2.34.3-1_i386.deb
  to main/libs/libsoup2.4/libsoup2.4-dev_2.34.3-1_i386.deb
libsoup2.4-doc_2.34.3-1_all.deb
  to main/libs/libsoup2.4/libsoup2.4-doc_2.34.3-1_all.deb
libsoup2.4_2.34.3-1.debian.tar.gz
  to main/libs/libsoup2.4/libsoup2.4_2.34.3-1.debian.tar.gz
libsoup2.4_2.34.3-1.dsc
  to main/libs/libsoup2.4/libsoup2.4_2.34.3-1.dsc
libsoup2.4_2.34.3.orig.tar.bz2
  to main/libs/libsoup2.4/libsoup2.4_2.34.3.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 635837@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated libsoup2.4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 29 Jul 2011 03:44:00 +0200
Source: libsoup2.4
Binary: libsoup2.4-dev libsoup2.4-1 libsoup2.4-dbg libsoup-gnome2.4-1 libsoup-gnome2.4-dev libsoup2.4-doc gir1.2-soup-2.4
Architecture: source all i386
Version: 2.34.3-1
Distribution: unstable
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description: 
 gir1.2-soup-2.4 - GObject introspection data for the libsoup HTTP library
 libsoup-gnome2.4-1 - HTTP library implementation in C -- GNOME support library
 libsoup-gnome2.4-dev - HTTP library implementation in C -- GNOME support development fil
 libsoup2.4-1 - HTTP library implementation in C -- Shared library
 libsoup2.4-dbg - HTTP library implementation in C -- debugging symbols
 libsoup2.4-dev - HTTP library implementation in C -- Development files
 libsoup2.4-doc - HTTP library implementation in C -- API Reference
Closes: 635837
Changes: 
 libsoup2.4 (2.34.3-1) unstable; urgency=high
 .
   * New upstream release.
     - Fixes CVE-2011-2524: SoupServer directory traversal vulnerability.
       Closes: #635837
   * debian/watch: Switch to .bz2 tarballs.
   * debian/patches/01_memleaks.patch: Remove, merged upstream.
   * Bump Standards-Version to 3.9.2. No further changes.
   * Bump debhelper compatibility level to 8.
     - Update Build-Depends on debhelper.
     - Strip debian/tmp/ from .install files.
   * Urgency high for the security fix.
Checksums-Sha1: 
 2ed02c9dc064b79744fa6c4c2b647c38c91990f1 2410 libsoup2.4_2.34.3-1.dsc
 ea2354aa01f52ce3c9e40175c4d5ec9f9d46c039 697132 libsoup2.4_2.34.3.orig.tar.bz2
 b4d70cb06eeeb38bc7aa3ee969d24b6f1f03d595 14562 libsoup2.4_2.34.3-1.debian.tar.gz
 0a3681ff8abf16be17579b6bcd05d1afaba579f2 230678 libsoup2.4-doc_2.34.3-1_all.deb
 eb26096f270278483e7daf037be319a687b4c467 320376 libsoup2.4-dev_2.34.3-1_i386.deb
 fd5dff75d187a62d9f34bd7367a5c23347f4178e 206276 libsoup2.4-1_2.34.3-1_i386.deb
 955a02d2ebe72bf1b3563b9abb9da1bc8873b9bf 369196 libsoup2.4-dbg_2.34.3-1_i386.deb
 8f4ac7989436e8ecd6c68ccee783aea55fbaa4a4 42346 libsoup-gnome2.4-1_2.34.3-1_i386.deb
 472a17ca7e1818c3f465686497bff6c089c32d48 43728 libsoup-gnome2.4-dev_2.34.3-1_i386.deb
 baf431a5ce6c5d072459bea8d698389ae9cb52bb 56950 gir1.2-soup-2.4_2.34.3-1_i386.deb
Checksums-Sha256: 
 68221ee128e116c0ba8be0356130d3370bd70b8e688f7606a40d3fc9e9c40099 2410 libsoup2.4_2.34.3-1.dsc
 940fa2777542e564ba7052252ee065adc6c7982c0cae56a4c541a04329fc7dc7 697132 libsoup2.4_2.34.3.orig.tar.bz2
 d77f4b08694018b5772fc95bb0727306293618fe5533f7542791e5f962e093aa 14562 libsoup2.4_2.34.3-1.debian.tar.gz
 7daf2a7d48fc2bf71d2328f7ac0fc224c9c821b6e51c2122433bbda0f5896850 230678 libsoup2.4-doc_2.34.3-1_all.deb
 7354eb966abe520ba372acc1142f6bc26fb97121037681947ca60a4a2366208a 320376 libsoup2.4-dev_2.34.3-1_i386.deb
 ec208da48d3849e45ee68f915012d452b5db828bc8460edbef5a45493829fda9 206276 libsoup2.4-1_2.34.3-1_i386.deb
 4cae3b8a5096ae01151ae4b92717a382af2d116d17c25d284439b968c4dfb943 369196 libsoup2.4-dbg_2.34.3-1_i386.deb
 c7bc0e031965c9e22c23b9a870d1733607cf99bad619fdab642bde960628b3c0 42346 libsoup-gnome2.4-1_2.34.3-1_i386.deb
 d20555997cf2ecba784eb8e0113dae1220efe50faf97a63a78f7ad3b52bfeb55 43728 libsoup-gnome2.4-dev_2.34.3-1_i386.deb
 b48f11a992050a984d45914ff3cfbdbfa379746a36ffa8eb722af7303929c13c 56950 gir1.2-soup-2.4_2.34.3-1_i386.deb
Files: 
 dd1208877365ea4c63c7e2ee79f185cf 2410 devel optional libsoup2.4_2.34.3-1.dsc
 7112d198724f8d29fac4647ef400e39b 697132 devel optional libsoup2.4_2.34.3.orig.tar.bz2
 dd33a875371600b8eb8a335d10aaf903 14562 devel optional libsoup2.4_2.34.3-1.debian.tar.gz
 f81d2c36676dbc41325d886d4f7bc690 230678 doc optional libsoup2.4-doc_2.34.3-1_all.deb
 7f14453230bc2e74d0694f1fb197f2d4 320376 libdevel optional libsoup2.4-dev_2.34.3-1_i386.deb
 a34bf69e6f53ad8480762f1172368116 206276 libs optional libsoup2.4-1_2.34.3-1_i386.deb
 24fa7edd3cceffba230581fc7280b3dd 369196 debug extra libsoup2.4-dbg_2.34.3-1_i386.deb
 4c8f897ecb3186a841b4f1ca0b19948f 42346 libs optional libsoup-gnome2.4-1_2.34.3-1_i386.deb
 72939cc0676786cc6b8a4e86d28379b7 43728 libdevel optional libsoup-gnome2.4-dev_2.34.3-1_i386.deb
 6c5ae330a4bf16111d7e4ee8082f2510 56950 libs optional gir1.2-soup-2.4_2.34.3-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJOMhI4AAoJEGrh3w1gjyLcEk0QAJeWh8SeVqzp24L4joSU+NpK
uOittlYvjAqIgaYeEaphjfubeEFD4C7mJr3n40C850k0fBARzJZatzsm7J2ap4dB
BZ/y5FsP+6J9WYNDGddqneilBzdSho0LmTDOtdsnQH418IrSrlmR6aYo5T9YHbLS
wOIp7h+H24VTChNuQIdH8RpazRsJLTGHFJ/wAx13KhCL1f1BUpTW3jO9S6uwi1qQ
vbmhyQt0Rssw/TKMuys9HH0jtt9Tmvp1WFzMwJa7MZ2awR/JjZ2UpOAfcbJHtfRD
V5V9B5XZt4REBGVb+Mv/hW6FCo2j4TLVaKK/EfNN7bZS0La/qbsGweh2udC2VlMO
WsDLZQ+S3klfpqbBc9zdAqSOF5gshe9zUdJjn36KjjL8P+nEUjcXABNMIWkSXwP0
fODjXFkEGj6Hy0oqeVr44EHdPRbjutjxAL3EV3VMt9P6bq/DyJr4uGflCcrox3YS
qfMHMWMfzretTWZocSk1h9/5Irg2JLcrZ4IqfFfFvao/1rl7xYUjuejH+6N9E3l8
OrYZzZa7v23VK79pfkKAhLiA+9zkijG5QHRpEY+POkhxnIjTc4YaGX7knoairPaF
Ln+9KllK3XR6FttX8L8Kpyjfm4CGroiA/dczYck0flG99Wp7v+DZjOvf6UFO3NZk
+orDc+HKpwHJrmbuWuPG
=EZzv
-----END PGP SIGNATURE-----





Bug Marked as found in versions 2.4.1-2. Request was from Andreas Henriksson <andreas@fatal.se> to control@bugs.debian.org. (Tue, 02 Aug 2011 13:51:03 GMT) Full text and rfc822 format available.

Bug Marked as found in versions 2.30.2-1. Request was from Andreas Henriksson <andreas@fatal.se> to control@bugs.debian.org. (Tue, 02 Aug 2011 13:51:04 GMT) Full text and rfc822 format available.

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Fri, 23 Dec 2011 07:57:17 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Fri, 23 Dec 2011 07:57:21 GMT) Full text and rfc822 format available.

Message #19 received at 635837-close@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 635837-close@bugs.debian.org
Subject: Bug#635837: fixed in libsoup2.4 2.30.2-1+squeeze1
Date: Fri, 23 Dec 2011 07:55:15 +0000
Source: libsoup2.4
Source-Version: 2.30.2-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
libsoup2.4, which is due to be installed in the Debian FTP archive:

libsoup-gnome2.4-1_2.30.2-1+squeeze1_amd64.deb
  to main/libs/libsoup2.4/libsoup-gnome2.4-1_2.30.2-1+squeeze1_amd64.deb
libsoup-gnome2.4-dev_2.30.2-1+squeeze1_amd64.deb
  to main/libs/libsoup2.4/libsoup-gnome2.4-dev_2.30.2-1+squeeze1_amd64.deb
libsoup2.4-1_2.30.2-1+squeeze1_amd64.deb
  to main/libs/libsoup2.4/libsoup2.4-1_2.30.2-1+squeeze1_amd64.deb
libsoup2.4-dbg_2.30.2-1+squeeze1_amd64.deb
  to main/libs/libsoup2.4/libsoup2.4-dbg_2.30.2-1+squeeze1_amd64.deb
libsoup2.4-dev_2.30.2-1+squeeze1_amd64.deb
  to main/libs/libsoup2.4/libsoup2.4-dev_2.30.2-1+squeeze1_amd64.deb
libsoup2.4-doc_2.30.2-1+squeeze1_all.deb
  to main/libs/libsoup2.4/libsoup2.4-doc_2.30.2-1+squeeze1_all.deb
libsoup2.4_2.30.2-1+squeeze1.debian.tar.gz
  to main/libs/libsoup2.4/libsoup2.4_2.30.2-1+squeeze1.debian.tar.gz
libsoup2.4_2.30.2-1+squeeze1.dsc
  to main/libs/libsoup2.4/libsoup2.4_2.30.2-1+squeeze1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 635837@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated libsoup2.4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 21 Dec 2011 19:36:22 +0000
Source: libsoup2.4
Binary: libsoup2.4-dev libsoup2.4-1 libsoup2.4-dbg libsoup-gnome2.4-1 libsoup-gnome2.4-dev libsoup2.4-doc
Architecture: source all amd64
Version: 2.30.2-1+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 libsoup-gnome2.4-1 - an HTTP library implementation in C -- GNOME support library
 libsoup-gnome2.4-dev - an HTTP library implementation in C -- GNOME support development
 libsoup2.4-1 - an HTTP library implementation in C -- Shared library
 libsoup2.4-dbg - an HTTP library implementation in C -- debugging symbols
 libsoup2.4-dev - an HTTP library implementation in C -- Development files
 libsoup2.4-doc - an HTTP library implementation in C -- API Reference
Closes: 635837
Changes: 
 libsoup2.4 (2.30.2-1+squeeze1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix directory traversal vulnerability through crafted HTTP requests
     (CVE-2011-2524; Closes: #635837)
Checksums-Sha1: 
 ad2ed5a765d9ce58d887195af2fa9dae5487ef48 1729 libsoup2.4_2.30.2-1+squeeze1.dsc
 35197cd3e2cf650a06c5bc5a5294dd4cfc9ba27e 874026 libsoup2.4_2.30.2.orig.tar.gz
 ebee6da006f3666a57476a1403328a941f39e156 15817 libsoup2.4_2.30.2-1+squeeze1.debian.tar.gz
 cbda41ed02e9129858a4d77164ec434bcb9dcaac 226354 libsoup2.4-doc_2.30.2-1+squeeze1_all.deb
 b15eff6e4563eb73349f44384ff41e0248d7066d 236318 libsoup2.4-dev_2.30.2-1+squeeze1_amd64.deb
 9b9e31a3232f45603761c4cdd298ed3625efb5e3 175966 libsoup2.4-1_2.30.2-1+squeeze1_amd64.deb
 3bac3f3b809c27f24dfa031aa7ac0f7d6171ead4 316748 libsoup2.4-dbg_2.30.2-1+squeeze1_amd64.deb
 e86b2c486ea8892ce97e9c4a7c5eb02fc35af84c 41088 libsoup-gnome2.4-1_2.30.2-1+squeeze1_amd64.deb
 f49d99b942791f8b3b2e05b6f9aad651781db4b3 41642 libsoup-gnome2.4-dev_2.30.2-1+squeeze1_amd64.deb
Checksums-Sha256: 
 41a8ede672e61dc9b2196faf6c086daf6d44e89a51bf7f2693755c3b5c90720c 1729 libsoup2.4_2.30.2-1+squeeze1.dsc
 2671132c247329cdcc26884ad9ee77def8701ffeaaaa6fbf723406abd22ffc58 874026 libsoup2.4_2.30.2.orig.tar.gz
 7edeb62a7b217bcd8ebada3e7896fa2c8b75c27bd75cd07ea141f168d55f964e 15817 libsoup2.4_2.30.2-1+squeeze1.debian.tar.gz
 bca98a5fcc12e3d5b46a35f76009a99e93f6e725290b35171fa160f1baedf9a5 226354 libsoup2.4-doc_2.30.2-1+squeeze1_all.deb
 0898adce5e4d6677408bf80ceea935e330ba1704e7ecfc9413d9c705d110c690 236318 libsoup2.4-dev_2.30.2-1+squeeze1_amd64.deb
 92e87160c8c2113f7e1ac1ff57414cb6c034f6c66c9cdf7fb1cc1e26eb9edd23 175966 libsoup2.4-1_2.30.2-1+squeeze1_amd64.deb
 f41d07a84976b736db304b3abccb9c6aa6ab906ad4ae9da157c12fd534c0c271 316748 libsoup2.4-dbg_2.30.2-1+squeeze1_amd64.deb
 8c921dda764d4b30fc58c8326cfb2783b4f070c9481266914ea43ef298fe183c 41088 libsoup-gnome2.4-1_2.30.2-1+squeeze1_amd64.deb
 38cb981417e6bc74354ece5120ac71c932b18bdde069d9d3ab77387ed50c5588 41642 libsoup-gnome2.4-dev_2.30.2-1+squeeze1_amd64.deb
Files: 
 877b559fb4f932480e914e88da1bf482 1729 devel optional libsoup2.4_2.30.2-1+squeeze1.dsc
 3f131ab86834bb2b5e0190177910c25d 874026 devel optional libsoup2.4_2.30.2.orig.tar.gz
 b2a7a95e97929bf3647ae9e30503175a 15817 devel optional libsoup2.4_2.30.2-1+squeeze1.debian.tar.gz
 c04bef0d565e20d7c843115f745e0a8a 226354 doc optional libsoup2.4-doc_2.30.2-1+squeeze1_all.deb
 8a341fcb342b5ee741a106128c008e1a 236318 libdevel optional libsoup2.4-dev_2.30.2-1+squeeze1_amd64.deb
 42479c8f5a54974efc608f46a5f11d2c 175966 libs optional libsoup2.4-1_2.30.2-1+squeeze1_amd64.deb
 32ff1499faf4ce2e74795971162375e2 316748 debug extra libsoup2.4-dbg_2.30.2-1+squeeze1_amd64.deb
 22d9f1fb511433190373f59690e6119a 41088 libs optional libsoup-gnome2.4-1_2.30.2-1+squeeze1_amd64.deb
 31f8ee3cae8879805d4c82eb9217a865 41642 libdevel optional libsoup-gnome2.4-dev_2.30.2-1+squeeze1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk7yOeYACgkQHYflSXNkfP/GhACaApViv+bhNBKvFDMgcP3wY7dm
0u4AmwY9pxW09/vAyATtSzzEws2xsHLe
=Hopf
-----END PGP SIGNATURE-----





Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Tue, 27 Dec 2011 02:00:04 GMT) Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Tue, 27 Dec 2011 02:00:04 GMT) Full text and rfc822 format available.

Message #24 received at 635837-close@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 635837-close@bugs.debian.org
Subject: Bug#635837: fixed in libsoup2.4 2.4.1-2+lenny1
Date: Tue, 27 Dec 2011 01:57:33 +0000
Source: libsoup2.4
Source-Version: 2.4.1-2+lenny1

We believe that the bug you reported is fixed in the latest version of
libsoup2.4, which is due to be installed in the Debian FTP archive:

libsoup2.4-1_2.4.1-2+lenny1_amd64.deb
  to main/libs/libsoup2.4/libsoup2.4-1_2.4.1-2+lenny1_amd64.deb
libsoup2.4-dev_2.4.1-2+lenny1_amd64.deb
  to main/libs/libsoup2.4/libsoup2.4-dev_2.4.1-2+lenny1_amd64.deb
libsoup2.4-doc_2.4.1-2+lenny1_all.deb
  to main/libs/libsoup2.4/libsoup2.4-doc_2.4.1-2+lenny1_all.deb
libsoup2.4_2.4.1-2+lenny1.diff.gz
  to main/libs/libsoup2.4/libsoup2.4_2.4.1-2+lenny1.diff.gz
libsoup2.4_2.4.1-2+lenny1.dsc
  to main/libs/libsoup2.4/libsoup2.4_2.4.1-2+lenny1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 635837@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated libsoup2.4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 21 Dec 2011 19:36:22 +0000
Source: libsoup2.4
Binary: libsoup2.4-dev libsoup2.4-1 libsoup2.4-doc
Architecture: source all amd64
Version: 2.4.1-2+lenny1
Distribution: oldstable-security
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 libsoup2.4-1 - an HTTP library implementation in C -- Shared library
 libsoup2.4-dev - an HTTP library implementation in C -- Development files
 libsoup2.4-doc - an HTTP library implementation in C -- API Reference
Closes: 635837
Changes: 
 libsoup2.4 (2.4.1-2+lenny1) oldstable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix directory traversal vulnerability through crafted HTTP requests
     (CVE-2011-2524; Closes: #635837)
Checksums-Sha1: 
 72c937355acb01e10103822f0f138316b5e010c6 1304 libsoup2.4_2.4.1-2+lenny1.dsc
 907c424c7e9d130752909d622355b94643bf753b 866079 libsoup2.4_2.4.1.orig.tar.gz
 825ec55e3fd627348be44dfecf1d2ae7700077e8 7581 libsoup2.4_2.4.1-2+lenny1.diff.gz
 608d2595c24b6a88d2e829880f29f29c2e2aebf5 210312 libsoup2.4-doc_2.4.1-2+lenny1_all.deb
 e38feea3245fc4b80ea5424150be064df42a484e 225102 libsoup2.4-dev_2.4.1-2+lenny1_amd64.deb
 c6889e56276196b777ee74525bfec6f774f733e2 183576 libsoup2.4-1_2.4.1-2+lenny1_amd64.deb
Checksums-Sha256: 
 1e5d63c0a4c16c67368eb72840c1d0bec4f3fa817a3e29b4c3db340eae2200f0 1304 libsoup2.4_2.4.1-2+lenny1.dsc
 bbc6d24a3a788783e196a6ac4f744328e4c0a7b8ba5cd563360bb32580e79006 866079 libsoup2.4_2.4.1.orig.tar.gz
 068ce7282024d78ca1e9af80dedc80c05dc6aab82c9283d0eb947b702daf72b8 7581 libsoup2.4_2.4.1-2+lenny1.diff.gz
 d3a4e0855b9285f8b667e3f4b9455ca68c5d7a5d4f22f5a24d2b45b604dce8a3 210312 libsoup2.4-doc_2.4.1-2+lenny1_all.deb
 8e1e0c1617bfbd670f86a5d2dd3da02fcd55462fa4b5c25fb30ce7c9bbaabf85 225102 libsoup2.4-dev_2.4.1-2+lenny1_amd64.deb
 6c05138f95cb8452cb734c8ed28cb748a26ced35039ffc9a5ff8e37ecad996e0 183576 libsoup2.4-1_2.4.1-2+lenny1_amd64.deb
Files: 
 d8af893a40d61c9c367a0fbc15b0829f 1304 devel optional libsoup2.4_2.4.1-2+lenny1.dsc
 d8deba0b01b7d97e4dc6c435ff427138 866079 devel optional libsoup2.4_2.4.1.orig.tar.gz
 a7dcb5ecb3149be3b29c95007eba311e 7581 devel optional libsoup2.4_2.4.1-2+lenny1.diff.gz
 3728991c3a6148f1d2ca5ccca8e87f3b 210312 doc optional libsoup2.4-doc_2.4.1-2+lenny1_all.deb
 bd08a42e614f9d47b6c93c4719c200ea 225102 libdevel optional libsoup2.4-dev_2.4.1-2+lenny1_amd64.deb
 702dd12c8e7305d40b062a49a21daea7 183576 libs optional libsoup2.4-1_2.4.1-2+lenny1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk7yOIYACgkQHYflSXNkfP/YjgCeIgBzVd1JmpWp4KDosXlNYvGg
Z58AoKRrSu8d0tZQ6RKPE+hQFrtC6MEi
=CXd9
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 29 Jan 2012 07:35:27 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 16:41:22 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.