-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 6 Jun 2022 14:35:42 CEST Source: glib2.0 Binary: libglib2.0-0 libglib2.0-tests libglib2.0-udeb libglib2.0-bin libglib2.0-dev libglib2.0-0-dbg libglib2.0-data libglib2.0-doc libgio-fam Architecture: source Version: 2.50.3-2+deb9u3 Distribution: stretch-security Urgency: high Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libgio-fam - GLib Input, Output and Streaming Library (fam module) libglib2.0-0 - GLib library of C routines libglib2.0-0-dbg - Debugging symbols for the GLib libraries libglib2.0-bin - Programs for the GLib library libglib2.0-data - Common files for GLib library libglib2.0-dev - Development files for the GLib library libglib2.0-doc - Documentation files for the GLib library libglib2.0-tests - GLib library of C routines - installed tests libglib2.0-udeb - GLib library of C routines - minimal runtime (udeb) Checksums-Sha1: 6b2d318aa39f2c19a608746c37a525f90e1d5999 3429 glib2.0_2.50.3-2+deb9u3.dsc 6a583e13bf5232d4dca9f968a23d89abb9acebd9 87720 glib2.0_2.50.3-2+deb9u3.debian.tar.xz 7ce3ca43a3872763c2bef6ebdc3d4c32cca10f3a 10984 glib2.0_2.50.3-2+deb9u3_amd64.buildinfo Checksums-Sha256: 7e080dfb2f6aeb8db835c1aef845294665d99fd07f9494c4ff022cedb2bcd059 3429 glib2.0_2.50.3-2+deb9u3.dsc c8c0b58d5cb5c510546bfbaa6289ac93417dbac6efeb289d938d816458a358c8 87720 glib2.0_2.50.3-2+deb9u3.debian.tar.xz 2df98b6c307b7cf009439240290d758d0351c9f81ddc68e140621583209812b3 10984 glib2.0_2.50.3-2+deb9u3_amd64.buildinfo Changes: glib2.0 (2.50.3-2+deb9u3) stretch-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2021-28153: When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) * Fix CVE-2021-27218: If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. * Fix CVE-2021-27219: The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. Files: c0e3a6596ec864aa54ccd5c421dc9339 3429 libs optional glib2.0_2.50.3-2+deb9u3.dsc bbf0df279a55f4db2ce4acbf6008030b 87720 libs optional glib2.0_2.50.3-2+deb9u3.debian.tar.xz 0b15066960587385e54ceb18a34ea132 10984 libs optional glib2.0_2.50.3-2+deb9u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmKd9MdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk100P/RNiAu2B52c4/yvLPvFOMafJvWK0E4J4St+I ryNstXBLKpPN7GszystGW1g5rJtGK7/m6XXvFrOAW+EBWrpM7NMlkurfUjhNEWpy RNKJI78cddmOgcjDjXzryIQJmClNNGB8Jx6LqaOSBi9+BBOWBVxNCEtifRjuIWKO 8MK7vy5Nb3RbaV8Dv8dBUvh+fuUH5ZJ1iVF1Kfhy67RVY+teCs2YgWoqYh+kaW6k ibsmoaM3htDX/R/waxVpTDO3zr+KOjIvy1j8eseXc571+NYSOWwjtfTzVyWcersB lcTcmhSb6YPhR06ksJOZqodET6smFy1qU/n9RFZGGFkPqQeuoTtXXT8nAw19/X+l c5vMHSET66RGnx/UC74jbsqPexoPgSTo/dj7n+ICocMgbPaHxajEYZ5eAcAx704m CnV/qOMSff/D4TNgXu9A1ZqLsuCItApfKk0NvAucQkw8ldPGkdPABoRRJLEBApJC /TG43ipNAprcmQLTTKqfYMNyyEYpOY6wZlhbvIMQmWJC0U1iUZx9ecPX8gh7AZhu 3FH0m4CKi1U4O9emCufdZ5ElDlJkVCZmWSWmgpmiyiiPQDUzdA0Vv2K2ZSy6cSVb O0BoouBY8j3S3MIUmWxdO1vuyXOpHkqp6hHVtXpBuej2+PaGuqlEs8PooxDiDj1T IkJse3PC =GKLp -----END PGP SIGNATURE-----
