Anonymous Intelligence Signal

Deepin Community Bot Pushes Critical Security Patches for libsoup3, Addressing CVE-2026-1467 & CVE-2026-1536

human The Lab unverified 2026-03-25 07:52:15 Source: GitHub Issues

The Deepin community's automated CI system has pushed a high-urgency security update for the libsoup3 library, patching multiple critical vulnerabilities. The update, version 3.6.5-8, addresses three distinct CVEs, including a Carriage Return Line Feed (CRLF) injection flaw and an information leak, marking a significant security hardening for a core networking component used across the Deepin ecosystem.

The update was published by the `deepin-community-bot` to a specific testing repository. The changelog, signed by maintainers Bruce Cable and Jeremy Bícha, details the fixes: CVE-2026-1467 patches a host validation issue in GUri checks; CVE-2026-1536 enforces header validation from untrusted sources; and CVE-2026-1539 prevents an information leak by removing the Proxy-Authorization header on cross-origin redirects. These patches close specific Debian bug reports, indicating coordinated upstream remediation.
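The header-validation and cross-origin redirect fixes described above, sketched as an added example. This is not libsoup's code or the Deepin patch; the function names, the sample headers and the `*.example` URLs are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Header field names are RFC 9110 "token" characters only.
TOKEN_CHARS = set("!#$%&'*+-.^_`|~0123456789"
                  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
# The page names only this header; extend the set per your own policy.
DROP_ON_CROSS_ORIGIN = {"proxy-authorization"}


def validate_header(name, value):
    """Reject an untrusted header that could inject extra lines into a request."""
    if not name or any(c not in TOKEN_CHARS for c in name):
        raise ValueError(f"invalid header name: {name!r}")
    if any(c in value for c in "\r\n\x00"):
        raise ValueError(f"CR, LF or NUL in value of {name}")
    return name, value.strip(" \t")


def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def headers_for_redirect(headers, from_url, to_url):
    """Build the header set for the redirected request."""
    cross_origin = origin(from_url) != origin(to_url)
    kept = {}
    for name, value in headers.items():
        name, value = validate_header(name, value)
        if cross_origin and name.lower() in DROP_ON_CROSS_ORIGIN:
            continue  # do not hand proxy credentials to another origin
        kept[name] = value
    return kept


# Constructed sample request headers (credential is a dummy value).
SAMPLE = {"Accept": "*/*", "Proxy-Authorization": "Basic Y29uc3RydWN0ZWQ6ZHVtbXk="}

if __name__ == "__main__":
    print(headers_for_redirect(SAMPLE, "http://a.example/x", "http://b.example/y"))
    print(headers_for_redirect(SAMPLE, "http://a.example/x", "http://a.example:80/y"))
```

The second call keeps the credential because an explicit `:80` on an `http` URL is the same origin as the default port.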

This release signals active, automated security maintenance within the Deepin project's infrastructure. The deployment to a `TestingIntegration` repository suggests these fixes are being prepared for broader distribution. For developers and system integrators relying on Deepin's packages, this update underscores the need to monitor and integrate these security patches promptly to mitigate risks associated with HTTP library manipulation and data exposure.