home  bbs  files  messages ]

      ZZLI4418             linux.debian.changes             419 messages      

[ previous | next | reply ]

[ list messages | list forums ]

  Msg # 69 of 419 on ZZLI4418, Monday 8-31-25, 1:12  
  From: DEBIAN FTP MASTERS  
  To: ALL  
  Subj: Accepted glib2.0 2.74.6-2+deb12u7 (sourc  
 From: ftpmaster@ftp-master.debian.org 
  
 -----BEGIN PGP SIGNED MESSAGE----- 
 Hash: SHA512 
  
 Format: 1.8 
 Date: Mon, 18 Aug 2025 09:27:51 +0100 
 Source: glib2.0 
 Architecture: source 
 Version: 2.74.6-2+deb12u7 
 Distribution: bookworm 
 Urgency: medium 
 Maintainer: Debian GNOME Maintainers  
 Changed-By: Simon McVittie  
 Closes: 1065022 1104930 1110640 1110696 
 Changes: 
  glib2.0 (2.74.6-2+deb12u7) bookworm; urgency=medium 
  . 
    * d/p/gstring-carefully-handle-gssize-parameters.patch, 
      d/p/gstring-Make-len_unsigned-unsigned.patch: 
      Add patches from upstream to fix a buffer underflow in GString. 
      This could cause a memory overwrite if a program handles extremely 
 large 
      text strings of an attacker-controlled length. The required string 
 length 
      would be close to 2 GiB on 32-bit and the bug is not believed to be 
      practically feasible to exploit on 64-bit. (CVE-2025-4373) 
      (Closes: #1104930) 
    * d/p/glib-gfileutils.c-use-64-bits-for-value-in-get_tmp_file.patch, 
      d/p/gfileutils-fix-computation-of-temporary-file-name.patch: 
      Add patches from upstream to fix a buffer underflow in get_tmp_file(). 
      This is used in g_mkstemp(), g_mkdtemp() and similar functions, and 
      could cause a crash or possibly arbitrary file overwrites (believed to 
      be unlikely to be exploitable in practice) if a long-running program 
      creates more than 2 billion temporary files. (CVE-2025-7039) 
      (Closes: #1110640) 
    * d/libglib2.0-0.postrm.in: 
      Rewrite postrm for safer upgrade behaviour, based on the version 
      in unstable and proposed for inclusion in trixie: 
      - Only remove giomodule.cache during purge, not during remove. 
        This matches the behaviour of gschemas.compiled and avoids a window 
        between old-postrm and new-postinst during which giomodule.cache is 
        missing, breaking applications that need GIO modules. 
      - Don't remove gschemas.compiled or giomodule.cache during purge 
        if there is evidence that they might still be needed 
        (Closes: #1065022, #1110696): 
        + don't remove them if ${libdir}/glib-2.0 still exists, for example 
          provided by libglib2.0-0t64 after upgrading to trixie; 
        + don't remove gschemas.compiled if at least one GSettings schema 
          still exists; 
        + don't remove giomodule.cache if at least one GIO module still 
 exists 
      - Refactoring to support the above 
    * d/tests/1065022-futureproofing: 
      Add a test for #1065022, modified from the version in unstable and 
      proposed for inclusion in trixie 
 Checksums-Sha1: 
  7e87a5355160d75d5b083ea0ed835c044e40f420 3791 glib2.0_2.74.6-2+deb12u7.dsc 
  5d316c12b5871be5a1c3ef9e253db2b3720d847b 146116 glib2.0_2.74.6- 
 +deb12u7.debian.tar.xz 
  ee8543bacb02e54476e93938cbb648240eb17231 7617 glib2.0_2.74.6-2+ 
 eb12u7_source.buildinfo 
 Checksums-Sha256: 
  066362edce4b07892c9be16a45c4c622e40d6db150c184d18f11a952db5bac88 3791 
 glib2.0_2.74.6-2+deb12u7.dsc 
  60c9115898dab3f6553ccc5f928a689117486b2b62639e09c8dc52b9d0fd6396 146116 
 glib2.0_2.74.6-2+deb12u7.debian.tar.xz 
  279a62c30dc5b75e609e6d55ac18af99a7e7b9ec8d8722cca872cb00e3954dcb 7617 
 glib2.0_2.74.6-2+deb12u7_source.buildinfo 
 Files: 
  1968c94b6473602ab7708d1e4fd98c9b 3791 libs optional glib2.0_2.7 
 .6-2+deb12u7.dsc 
  a8c585d345c0713a083541d186586b7d 146116 libs optional glib2.0_2 
 74.6-2+deb12u7.debian.tar.xz 
  d55f9fb481ac7bdb7c0741ffc8f551f9 7617 libs optional glib2.0_2.7 
 .6-2+deb12u7_source.buildinfo 
  
 -----BEGIN PGP SIGNATURE----- 
  
 iQIzBAEBCgAdFiEEegc60a5pT6Jb/2LlI1wJnT6zMHYFAmiq4rcACgkQI1wJnT6z 
 MHaE4xAAie5E/5qRBMMvgWymRJGnz9qeiDaHPkXgPhps6cX0/cmh0mTohe+bFHRk 
 qP/Rtzkmn4bFhDE950VGOHpagnr0bIarpi++DckG3ZKEjetl8Fx8RLP992ZOHkI+ 
 ym+XFaXKaGQNxAbQAdOb/TvMknuV56cqfIRyV8QD0AdHj4NyDhK782m04A/qwfhb 
 4pPGh4Ih0o1Z83I7cey2RVlRoYuZLDOkknS6AhAMb0sL/2oRXre+Twl2aObVJZQc 
 S4nRYAKooL0TK8uU6Z/AOEd0AIEWzDgc2AaWDC3Ae6z5L/fpzkpiUyZzBIB73hR1 
 XcguYILghrzrf3hL+8TI8anG2KYRIO2mJK73+11Fe4JUBmva/dPrI2jAjBsa679R 
 hY4RXi25na5g+srvf7QPTMypqGviSazUZpDAVHYTVDeHg+rguU+FmkZglHfkl5Yz 
 9D0Dsr6oMrF0PR48sdJdnx6AzSisHgHfDJynIRXILZVpkbn4RgOkHMZInI1yxwYs 
 cqipzA8OmADlZ+OrQPxZRcTdglLvNm+op6IiMpUxwmvGXIwYBZwTwS2Y3Yn980bo 
 zbBOAvtc/PmIn9VnrXXrUsFYHkNfzIj/9XSfEr3Dwaf9LNt11o4hMa66DgFNUapL 
 TcdMzKjr/jXd8VkoM3tIdQLM46a0tk05sGzXobbgsPEGaxDafuQ= 
 =1ZvG 
 -----END PGP SIGNATURE----- 
  
  
 --==============Q28798194729434550=Content-Type: application/pgp-signature 
  
 -----BEGIN PGP SIGNATURE----- 
  
 iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaLNf5AAKCRCb9qggYcy5 
 IaeQAQDwUadRJuO5AXEFKSftm9ntCUkJR2EkHhdG+hoUmmJwlgD/by+PTAhVRJW9 
 jSlWaLcqubLb+fdIrS/Og3kLuclfswE=LYZs 
 -----END PGP SIGNATURE----- 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2) 

[ list messages | list forums | previous | next | reply ]

search for:

328,089 visits
(c) 1994,  bbs@darkrealms.ca