Ubuntu has issued an advisory on October 9: https://usn.ubuntu.com/4152-1/ The issue was fixed upstream in 2.68.1.
This package has no maintainer, so assigning this bug globally. CC'ing Olav as having seen it often before.
CC: (none) => olav
Assignee: bugsquad => pkg-bugs
Patched package uploaded for Mageia 7.

Advisory:
========================

Updated libsoup package fixes security vulnerability:

It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service (CVE-2019-17266).

References:
https://usn.ubuntu.com/4152-1/
https://nvd.nist.gov/vuln/detail/CVE-2019-17266
========================

Updated packages in core/updates_testing:
========================
libsoup-i18n-2.66.1-2.1.mga7.noarch.rpm
lib64soup2.4_1-2.66.1-2.1.mga7
lib64soup-devel-2.66.1-2.1.mga7
lib64soup-gir2.4-2.66.1-2.1.mga7

from libsoup-2.66.1-2.1.mga7.src.rpm

Test procedure: https://bugs.mageia.org/show_bug.cgi?id=23275#c4
Keywords: (none) => has_procedure
Assignee: pkg-bugs => qa-bugs
CC: (none) => mrambo
$ uname -a
Linux linux.local 5.3.7-desktop-4.mga7 #1 SMP Thu Oct 24 20:11:12 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

This is a GNOME DE

The following 3 packages are going to be installed:

- lib64soup-gir2.4-2.66.1-2.1.mga7.x86_64
- lib64soup2.4_1-2.66.1-2.1.mga7.x86_64
- libsoup-i18n-2.66.1-2.1.mga7.noarch

-- rebooted, tested shotwell. Seems to work.

MGA7-64-OK
Whiteboard: (none) => MGA7-64-OK
CC: (none) => brtians1
Keywords: (none) => advisory, validated_update
CC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0312.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED