Re: CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding

From: Dan Winship <danw gnome org>
To: Tobias Mueller <tobiasmue gnome org>, distributor-list gnome org
Cc: security gnome org
Subject: Re: CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding
Date: Thu, 10 Aug 2017 08:40:53 -0400

On 08/10/2017 08:36 AM, Tobias Mueller wrote:

Hi.

PSA: Please update libsoup with the patch from
https://bugzilla.gnome.org/show_bug.cgi?id=78577
or take one of the new releases 2.59.90.1,  2.58.2 (gnome-3-24), or
2.56.1 (gnome-3-22).

...

All versions since 2012 are affected.


And the patch from bugzilla/master applies cleanly all the way back to
the gnome-3-4 branch if you need it for an older branch.

-- Dan

References:
- CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding
  - From: Tobias Mueller

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]