Other IDs this deficiency may be known by:
|Date Last Modified
Version Specific Information:
|Cucumber 1.0 i686||fixed in libsoup-22.214.171.124-i686-2 |
|Cucumber 1.0 x86_64||fixed in libsoup-126.96.36.199-x86_64-2 and libsoup-lib_i686-188.8.131.52-lib_i686-2 |
|Cucumber 1.1 i686
||fixed in libsoup-184.108.40.206-i686-2 |
|Cucumber 1.1 x86_64
||fixed in libsoup-220.127.116.11-x86_64-2 and libsoup-lib_i686-18.104.22.168-lib_i686-2 |
=================================== Overview ===================================
soup_cookie_jar_get_cookies in soup-cookie-jar.c in libsoup allows attackers to
have unspecified impact via an empty hostname.
================================= Our Analysis =================================
----- Affected Products -----
Libsoup version 22.214.171.124 that has not had the patch from the commit
applied is vulnerable. This includes libsoup as originally packaged in Cucumber
Linux 1.0 and 1.1.
----- Scope and Impact of this Vulnerability -----
The impact of this vulnerability is unknown as of Fri Jul 6 08:38:52 EDT 2018.
----- Fix for this Vulnerability -----
This vulnerability can be fixed by applying the patch from the commit
================================= Our Solution =================================
We have applied the aforementioned patch and rebuilt.