Format: 1.8
Date: Tue, 13 Aug 2019 10:46:20 +0100
Source: glib2.0
Binary: libglib2.0-0 libglib2.0-tests libglib2.0-udeb libglib2.0-bin libglib2.0-dev libglib2.0-0-dbg libglib2.0-data libglib2.0-doc libgio-fam
Architecture: source
Version: 2.50.3-2+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description:
 libgio-fam - GLib Input, Output and Streaming Library (fam module)
 libglib2.0-0 - GLib library of C routines
 libglib2.0-0-dbg - Debugging symbols for the GLib libraries
 libglib2.0-bin - Programs for the GLib library
 libglib2.0-data - Common files for GLib library
 libglib2.0-dev - Development files for the GLib library
 libglib2.0-doc - Documentation files for the GLib library
 libglib2.0-tests - GLib library of C routines - installed tests
 libglib2.0-udeb - GLib library of C routines - minimal runtime (udeb)
Closes: 929753 931234
Changes:
 glib2.0 (2.50.3-2+deb9u1) stretch; urgency=medium
 .
   * Team upload
   * d/gbp.conf: Add GNOME team configuration
   * d/p/gfile-Limit-access-to-files-when-copying.patch:
     When copying files, give the temporary partial copy of the file
     suitably restrictive permissions (Closes: #929753; CVE-2019-12450)
   * d/p/keyfile-settings-Use-tighter-permissions.patch:
     Create directory and file with restrictive permissions when using
     the GKeyfileSettingsBackend.
     Mitigation: in this version of GLib, the GKeyfileSettingsBackend can
     only be used explicitly by code, and is never selected automatically.
     (Closes: #931234; CVE-2019-13012)
   * d/p/gmarkup-Fix-unvalidated-UTF-8-read-in-markup-parsing-erro.patch,
     d/p/gmarkup-Avoid-reading-off-the-end-of-a-buffer-when-non-nu.patch:
     Avoid buffer read overrun when formatting error messages for invalid
     UTF-8 in GMarkup (CVE-2018-16429)
   * d/p/gmarkup-Fix-crash-in-error-handling-path-for-closing-elem.patch:
     Avoid NULL dereference when parsing invalid GMarkup with a malformed
     closing tag not paired with an opening tag (CVE-2018-16429)