Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted glib2.0 2.66.8-1+deb11u7 (source) into oldoldstable-security
Date: Tue, 16 Dec 2025 09:40:20 +0000
Signed by: Emilio Pozuelo Monfort <pochu@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 15 Dec 2025 16:27:21 +0100
Source: glib2.0
Architecture: source
Version: 2.66.8-1+deb11u7
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Closes: 1104930 1110640 1121488 1122346 1122347
Changes:
 glib2.0 (2.66.8-1+deb11u7) bullseye-security; urgency=medium
 .
   * Team upload.
   * CVE-2025-13601: integer overflow into heap buffer overflow escaping
     very large strings in g_escape_uri_string (Closes: #1121488).
   * CVE-2025-14087: buffer overwrite when processing large GVariant strings.
     (Closes: #1122347).
   * CVE-2025-14512: interger overflow into buffer overwrite when processing
     file attributes in GIO's escape_byte_string (Closes: #1122346).
   * CVE-2025-4373: integer overflow into buffer underwrite in
     g_string_insert_unichar (Closes: #1104930).
   * CVE-2025-7039: integer overflow into buffer underread in gfileutils'
     get_tmp_file (Closes: #1110640).
Checksums-Sha1:
 e5caced215e01c74729d01dbed4ea22739ca93bc 3304 glib2.0_2.66.8-1+deb11u7.dsc
 668795cd3c2698a28987fb38d632ff7642ddf377 4845548 glib2.0_2.66.8.orig.tar.xz
 9845d4feeec1e816f239bfb75e73373da1416e8b 198672 glib2.0_2.66.8-1+deb11u7.debian.tar.xz
 d6307ac2d0fec459cf7ddf5ddf3c19a98aa9c395 7972 glib2.0_2.66.8-1+deb11u7_source.buildinfo
Checksums-Sha256:
 a6df0ec21b44a84b7d7b0dc93fd675340b865d25d8c3ee824313ec789f3e58e1 3304 glib2.0_2.66.8-1+deb11u7.dsc
 97bc87dd91365589af5cbbfea2574833aea7a1b71840fd365ecd2852c76b9c8b 4845548 glib2.0_2.66.8.orig.tar.xz
 431521377d7898443c4c4dced663a3d02589a5d0cc5872f3328c8e90089c5446 198672 glib2.0_2.66.8-1+deb11u7.debian.tar.xz
 70645b647353a878dd33c485b00a729a35ad5bd6174259e5ca447d8d41bec219 7972 glib2.0_2.66.8-1+deb11u7_source.buildinfo
Files:
 0ef2af8d7f678a03a5cc47033afae660 3304 libs optional glib2.0_2.66.8-1+deb11u7.dsc
 705dd46a43d339e8aea19e946e71c32a 4845548 libs optional glib2.0_2.66.8.orig.tar.xz
 dd9a4b875ebc5806dce171682d32b98b 198672 libs optional glib2.0_2.66.8-1+deb11u7.debian.tar.xz
 70c1ba951d096270792a0b41379fc48d 7972 libs optional glib2.0_2.66.8-1+deb11u7_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmlBJH0ACgkQnUbEiOQ2
gwKciBAAk4+o8kb2RwZYuJ0JDNEA8SaeIwXr8JbRC7zoLPI+qboWaW1LRU9g6g5G
CnqTFqzOOcvVEATbfRr5ov1q1EwP9qpq7LwMYhT8tLtQAFJntgH/0jJSk0NszvvO
eGFpnDsuN4NMq/j6wGoZNf18g2lidPNNCXlk533fh5sCh+x7zqZCEt4S9GcYDgO0
bYssaORFTpHcUQggipBSSIw4ranNXFiDbJtzCcZtr71GeF18If6g8jvuq/McRWm6
UrIajGrw44caTmhOeqcTDYUOrXJaBHjUTlk2RAhh8FA+mulG1eOM7iQcDXQQCIi8
7T/LxRth3ni1Slem2N1IUEP5i50luIogpAfXzgrXt8BR6vKH9Yz6NJjGLe2u9icQ
1PqWwTc1jh5tYt+/B6WFvvy6kP2MeQSziHPZ1Hmi7TymNM79KZF1vH46eSzHitmO
ff/Ak0wNU2vYWpgC/kPYlhu1NAQmbx5kKt9sE6mtLREKOWClmdXX0vn5m+MgFSo0
G9aBtz31BG6v7/CGQGn+k501Zsy/KvTQ4otvtoRHhJO8l5csXf8AY+5LOHj8XLtQ
taKAhRGSJUwWXmdRMFqCY6gVO2g3vcyMuq2aCWTLCGBJLDPIcshw+TG7sVAr7t/Y
ZipENzwax88VczdyWlCE87dsgAGC/YxCSxomYslRNUaNiB4r9IQ=
=NOYd
-----END PGP SIGNATURE-----

News for package glib2.0