1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted glib2.0 2.58.3-2+deb10u3 (source) into proposed-updates->stabl

    From Debian FTP Masters@21:1/5 to All on Thu Jun 10 00:40:01 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Sat, 27 Mar 2021 11:34:13 +0000
    Source: glib2.0
    Architecture: source
    Version: 2.58.3-2+deb10u3
    Distribution: buster
    Urgency: medium
    Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
    Changed-By: Simon McVittie <smcv@debian.org>
    Closes: 982778 982779 984969
    Changes:
    glib2.0 (2.58.3-2+deb10u3) buster; urgency=medium
    .
    * d/patches: Resolve integer overflows, including CVE-2021-27219.
    These backported patches resolve an integer overflow that is known to
    be attacker-triggerable for denial of service in polkit (policykit-1),
    as well as replacing other simple uses of g_memdup() with g_memdup2().
    Overflows in most of these places would not be attacker-triggerable,
    but replacing them is simpler than assessing whether they are
    attacker-triggerable.
    The more complicated changes from 2.66.7 have not been backported,
    to avoid regressions in Debian 10; overflows in those locations are
    not believed to be attacker-triggerable. (Closes: #982778)
    * d/patches: Fix integer overflow CVE-2021-27218.
    This is not known to be exploitable in any particular program, but
    might be. (Closes: #982779)
    * d/patches: Fix a symlink attack affecting file-roller, CVE-2021-28153
    (Closes: #984969)
    Checksums-Sha1:
    6834be0c8c46f125dca5305a9ad1f868de03d907 3444 glib2.0_2.58.3-2+deb10u3.dsc
    9a5a3c86c56f7089e544e750c2b11eefb4ef0adc 107124 glib2.0_2.58.3-2+deb10u3.debian.tar.xz
    f28083b320e792a51255c20afffb81966923b559 8494 glib2.0_2.58.3-2+deb10u3_source.buildinfo
    Checksums-Sha256:
    1e016740f39e61ef728f4e2536dc3e3645d37c6dc8369816f8507792563643d8 3444 glib2.0_2.58.3-2+deb10u3.dsc
    2749397b93fca317a7f47489390393dedda6ef3c9359488bbd475a698529cf7a 107124 glib2.0_2.58.3-2+deb10u3.debian.tar.xz
    792d8cd96c1878701389fd2466e03946e27ff5621d9c80a342d02928c35da55a 8494 glib2.0_2.58.3-2+deb10u3_source.buildinfo
    Files:
    9650df0bb7ab1351af27a82442afc0f2 3444 libs optional glib2.0_2.58.3-2+deb10u3.dsc
    8e295aa26e1c992594b92e900f97fb80 107124 libs optional glib2.0_2.58.3-2+deb10u3.debian.tar.xz
    e0595397f5412cd6d9f0086a84054826 8494 libs optional glib2.0_2.58.3-2+deb10u3_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmC/5K8ACgkQ4FrhR4+B TE/qGxAAmkmcxX6K6ajesEVjI9cycNoMec7djRYdbNBcftrQQx7pP9HfgGOH+1b3 mU/spz68gCfzMfj7ydSDWXZRoETn+fG/U+fqXgeRCeomi2GM+nDIFmbhutcGONcg BX0H6MrIzAXj8052aUwWdz+KK6Oye2rv0SF5r4spVLDnDdUqK2K8MqsBWgSAN+Tv fkTD8rc17f+187r2vN3ZFBz4FQS4Ph8zJ79Cc85IXxtIVQZ1b+2cHyTP7ozKgFA8 rFEkngtEMD2s8Pm62KolxfHkTc8GyDyXXm0UGD4eHMDLzUtcNapE51XBGX8iB/yq 63Zbe4SPvCJt0LqtMaLUbFAoLi8kgRMA0YSh9Ara6cjgxBoSepfah5OtO0LqemSa zG5I6QTrlbCQlpteqy/IFXjjH6aoqA3bpe8S9UZFZjHoKDb+QKjxohvlkHvoDuqi bFKjS8VlqPCczLYC5R8ytymhC9L3+qBh/seBtvlJ4dRoi2aDAadR+R2DodLidUU8 F6guLzA9Zn8qBM8ue1Ub/G4srORm0oa1vWD3XvFdPB0Bg+ktiG2A/9xVgsF+b1wg Ne9A6ADOfk8q5Tm0dHsL1+wvG5dw0LochEkZsWlnEScl6sCglrssQqj31iGqtPVr esN+AFTync1O4wjkk4ucLOmsD0EsejKd0C3DQcwADPZJ1FG5C0o=
    =KC15
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)