mirror of
https://git.yoctoproject.org/poky
synced 2026-04-26 00:32:12 +02:00
CVE-2024-52531: GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.

Refer: https://nvd.nist.gov/vuln/detail/CVE-2024-52531

CVE-2024-52530: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.

Refer: https://nvd.nist.gov/vuln/detail/CVE-2024-52530

(From OE-Core rev: 0af9ac076cdbab70f526520acbbb0c38d237c407)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>