-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 15 Mar 2021 18:18:48 +0000 Source: glib2.0 Architecture: source Version: 2.67.6-1 Distribution: experimental Urgency: medium Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Closes: 984969 Changes: glib2.0 (2.67.6-1) experimental; urgency=medium . * New upstream release - This fixes a symlink attack affecting file-roller. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, previously it would have also created the target of the symlink as an empty file, which could conceivably be security-sensitive if the symlink is attacker-controlled. (Closes: #984969; CVE-2021-28153) * Revert test-dependency on libc6-dev, which should no longer be necessary with the new upstream release. Checksums-Sha1: 7f0abbace3030685adc4a3c1aefc759175c3f86b 3506 glib2.0_2.67.6-1.dsc cfaa92d7bf596c5e0b48958ad35c724ea811697e 4935624 glib2.0_2.67.6.orig.tar.xz b31117c898d0e11902d4f57d54bf8d692ecb99ea 98592 glib2.0_2.67.6-1.debian.tar.xz cd320637fe8711815d3fb767dd1def9681db70f8 6942 glib2.0_2.67.6-1_source.buildinfo Checksums-Sha256: f617a8bc107b83aa137140b62c5ae32dca78e438f6b5fbb4cc51db908d1013f1 3506 glib2.0_2.67.6-1.dsc dd7f563509b410e8f94ef2d4cc7f74620a6b29d7c5d529fedec53c5e8018d9c5 4935624 glib2.0_2.67.6.orig.tar.xz 682ca6cf396c4d1ecbdb7d4d18fcb98ec6e9dad5122f8c9abb6bc2b5b32fbb46 98592 glib2.0_2.67.6-1.debian.tar.xz 34ac18f3b25e3b6a2713ef7d401d592cd351c32f28be0686815746b91ab3725f 6942 glib2.0_2.67.6-1_source.buildinfo Files: d26194940dd0208d21bd660d509afe13 3506 libs optional glib2.0_2.67.6-1.dsc e0158d4bc575d9301a91341cb35310b4 4935624 libs optional glib2.0_2.67.6.orig.tar.xz 04f1d8753238cdaae735e3d5190d1f4d 98592 libs optional glib2.0_2.67.6-1.debian.tar.xz 62cfd09f469ecc80dca7e6fd5c4caf18 6942 libs optional glib2.0_2.67.6-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmBP2AQACgkQ4FrhR4+B TE/fcw//QQaShJrYbpbx4dk7Osz4liI8NYAPsnXJFjeOyTSXCONnb7Wd8fO+Jf5m 9Fvs5zRZOh76sqSJyxj8Sft/SIfzXecB20T0QYxH72M/1BHf/b63zs6MuN55wgS7 /Wqf2Kbma5f9ypXDQOBu5e7xfnc7P1RHsrJW+obWnH62amRBxfjUE1ce7Ev0l/ky 2lmxyDmDmKegOPNjxe1DqAxE+0C+MNKB+PRZn7Vzxb5kca2uGutIOA09CjoJLVXB 8CDwv4bOzLjsINPkPVz5Y6FtMA8uZ/P6iSZ3ROXMnuC8wWka9dav+9wf4Ty7JNTv tHlh4mSSFtQM2NgoX5SeJ8+xoDwJnbq18YhvbkFrlo9mEze18EEP8FjD9v6ncX8j Sa8wfsCiznq5gbw7qr7JP9+4b2jYknFy36d63SwV/aC1whUKL7mc4MVUZOprXR2g 6/p689G+ukAc1LlLnpxq5qP0e7SwZN5OGbm+HhrgOlpBB1M69t4Znn9/x0T3zfpg Lma50+QeYcnv3m1TzFSdsNsFpu+mkmXEaaupPEGfT93BTcT96Ky0EBCZ/HSYmPRL mwGVQ9y5YVj0Ii/3O3cjaAysUz9NJw0p3XLoSUM/qvCUgznZAjU3McBdGMeMcKpT pnXJKYxmMDCZ6uuBIi6f8sUmi/s2GCs1F1AWogvxCMPpEkrsx8c= =MibH -----END PGP SIGNATURE-----