Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted glib2.0 2.66.8-1+deb11u8 (source) into oldoldstable-security
Date: Mon, 23 Feb 2026 09:50:24 +0000
Signed by: Andreas Henriksson <ah@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 13 Feb 2026 12:38:03 +0100
Source: glib2.0
Architecture: source
Version: 2.66.8-1+deb11u8
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Henriksson <andreas@fatal.se>
Closes: 1125752 1126549 1126550 1126551
Changes:
 glib2.0 (2.66.8-1+deb11u8) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2026-0988: Missing input validation in g_buffered_input_stream_peek
     (Closes: #1125752)
   * CVE-2026-1484: Integer overflow in base64 encoding can cause memory
     corruption. (Closes: #1126551)
   * CVE-2026-1485: Buffer underflow vulnerability in content type parsing
     caused by (signed) integer wrap for large inputs. (Closes: #1126550)
   * CVE-2026-1489: Integer overflow in unicode conversion can lead to memory
     corruption. (Closes: #1126549)
Checksums-Sha1:
 4786d80e44fc2996af1dd2187cc77865f85cb319 3304 glib2.0_2.66.8-1+deb11u8.dsc
 668795cd3c2698a28987fb38d632ff7642ddf377 4845548 glib2.0_2.66.8.orig.tar.xz
 41b5faf8d5c0cceb5dcfa79d03bc8a6cdd02cd6b 202500 glib2.0_2.66.8-1+deb11u8.debian.tar.xz
 1fc870da3f099f487f98d4d5c3cc918cb5c36a81 8790 glib2.0_2.66.8-1+deb11u8_source.buildinfo
Checksums-Sha256:
 160e0fa2ab75fd99b4abc72751d6a0eaab1d41cf23a10d26060cd73aae6ae0ab 3304 glib2.0_2.66.8-1+deb11u8.dsc
 97bc87dd91365589af5cbbfea2574833aea7a1b71840fd365ecd2852c76b9c8b 4845548 glib2.0_2.66.8.orig.tar.xz
 07f0a3226901cca3456b3860439ff3615aac5de4522445d4ff6cbfefb562f068 202500 glib2.0_2.66.8-1+deb11u8.debian.tar.xz
 eb48774723bd08f58fae1d0f61c2eddd85acbfc2818b86772d9524ee45de68fa 8790 glib2.0_2.66.8-1+deb11u8_source.buildinfo
Files:
 0a34f511d2559ce44ac2064123855ab2 3304 libs optional glib2.0_2.66.8-1+deb11u8.dsc
 705dd46a43d339e8aea19e946e71c32a 4845548 libs optional glib2.0_2.66.8.orig.tar.xz
 d6c135230d24fab20ee4768a5b55cafe 202500 libs optional glib2.0_2.66.8-1+deb11u8.debian.tar.xz
 550782074ff91b88b6f221f2c0b61bba 8790 libs optional glib2.0_2.66.8-1+deb11u8_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE+uHltkZSvnmOJ4zCC8R9xk0TUwYFAmmcIFIACgkQC8R9xk0T
UwbmYw/8CQK9cImX19696JJfd4ASGGn6ol9ecf/mDaEqFnllaiJ+n/cUtPB7PJad
ke4o7+hdisR3yo0zIBat9lswsmSIaGyiusDr45k5tQHh4VqQlFHx2xh5vcAiabdB
L5YG2VSroXjHfbc4JwN8j/ZOn+b0BM5/H87apWMx4t2q5TPWua6ZJY9ySAGE2Mti
sh5b94dsFWDmMd2M0N4AsvndBXF10zaDr8e4U4UezRyc+J1AXQTwsBh1OmcWY/sC
hhS2byHexoxfg4WJPlV48CEgxqxx9JLpGWSEfcj2PNcuH8GN8PRZc8zigVfI0Uh6
JvezITeEzE1LBqWZK2XeF3/bDuSzG4p5DAzlaFb3h3f2FWqVmUDaJTBeQcyTDICX
LTfS7QFv4S1KwmG2K7qx2Dtx430GHGHi4crzyACowdqW0IO+2TdoEocoBqlFabVc
cbLRqwpck1ZrlCPcvW++bUS4nFi6xIE6m9HJvlU4tf+z8FWxZqPKcNdAgH/llFj1
RpTPwErCVG/vVr+5U8b1etvgKWPcy7Ozvq4peYv+HT2pWAsT56ddcuDMmABN3ujf
No0W2W3/4ZPwH9uKd3I2sPZTCffEgF+IVUfA/fDFBNRpG8UQP2UWxkGah2PqyAoz
qMhOsmNs1iy30qbmYfp9VMhGWkYUGgJZAkOqXiriLJ1hLMRJwPE=
=Ovr7
-----END PGP SIGNATURE-----

News for package glib2.0