Ubuntu
libsoup2.4 package

CVE-2018-12910

Bug #1779901 reported by Iain Lane on 2018-07-03

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	libsoup2.4 (Ubuntu)	Fix Released	Undecided	Unassigned
	Xenial	Fix Released	Undecided	Unassigned
	Artful	Fix Released	Undecided	Unassigned
	Bionic	Fix Released	Undecided	Unassigned

Bug Description

If you have appropriate permissions, you can view details at the following links:

https://gitlab.gnome.org/GNOME/libsoup/issues/3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12910

CVE References

2018-12910

Iain Lane (laney) on 2018-07-03

Changed in libsoup2.4 (Ubuntu):
status:	New → Fix Released

Revision history for this message

Iain Lane (laney) wrote on 2018-07-03:

#1

1779901-xenial.debdiff Edit (5.7 KiB, text/plain)

Revision history for this message

Iain Lane (laney) wrote on 2018-07-03:

#2

1779901-artful.debdiff Edit (6.2 KiB, text/plain)

Revision history for this message

Iain Lane (laney) wrote on 2018-07-03:

#3

1779901-bionic.debdiff Edit (6.1 KiB, text/plain)

Changed in libsoup2.4 (Ubuntu Xenial):
status:	New → Confirmed
Changed in libsoup2.4 (Ubuntu Artful):
status:	New → Confirmed
Changed in libsoup2.4 (Ubuntu Bionic):
status:	New → Confirmed

Revision history for this message

Iain Lane (laney) wrote on 2018-07-03:

#4

I could have added Bug-Ubuntu I guess. Anyway, there you go.

Michael supplied a test so I included that in the debdiffs to give some confidence.

Tested build, install, upgrade.

Revision history for this message

Leonidas S. Barbosa (leosilvab) wrote on 2018-07-03:

#5

Hi,

We already have updates going through QA. Soon as possibly they'll be published.

Thanks!

Revision history for this message

Leonidas S. Barbosa (leosilvab) wrote on 2018-07-03:

#6

https://usn.ubuntu.com/3701-1/

Changed in libsoup2.4 (Ubuntu Xenial):
status:	Confirmed → Fix Released
Changed in libsoup2.4 (Ubuntu Artful):
status:	Confirmed → Fix Released
Changed in libsoup2.4 (Ubuntu Bionic):
status:	Confirmed → Fix Released

Revision history for this message

Iain Lane (laney) wrote on 2018-07-04:

#7

How could I have seen that so I didn't waste my time preparing debdiffs? Or is it just "ask"?

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2018-07-04:

#8

Sorry about that.

You can look up the CVE in our tracker, and see if someone is in the Assigned-to section:

https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12910.html

For a security update, it's probably best to just ask us.

Revision history for this message

Iain Lane (laney) wrote on 2018-07-04:

#9

No worries. I was doing the Debian update anyway and this wasn't that much effort on top. :-)

I had clicked on the CVE link in Launchpad, which goes to https://bugs.launchpad.net/bugs/cve/2018-12910. But I guess even if there was a bug, it'd probably have been private security and I wouldn't have seen it anyway.

Cheers!

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2018-07-04:

#10

Oh, we don't track security updates in bugs, we track them in our tracker.

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.