Debian Package Tracker
Register | Log in
Subscribe

glib2.0

Choose email to subscribe with

general
  • source: glib2.0 (main)
  • version: 2.88.2-1
  • maintainer: Debian GNOME Maintainers (archive) (DMD)
  • uploaders: Simon McVittie [DMD] – Marco Trevisan (Treviño) [DMD] – Jeremy Bícha [DMD]
  • arch: all any
  • std-ver: 4.7.4
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 2.66.8-1+deb11u4
  • o-o-sec: 2.66.8-1+deb11u8
  • oldstable: 2.74.6-2+deb12u9
  • old-sec: 2.74.6-2+deb12u2
  • stable: 2.84.4-3~deb13u3
  • testing: 2.88.2-1
  • unstable: 2.88.2-1
versioned links
  • 2.66.8-1+deb11u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.66.8-1+deb11u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.74.6-2+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.74.6-2+deb12u9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.84.4-3~deb13u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.88.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • gir1.2-girepository-3.0
  • gir1.2-girepository-3.0-dev
  • gir1.2-glib-2.0
  • gir1.2-glib-2.0-dev
  • girepository-tools
  • libgio-2.0-dev
  • libgio-2.0-dev-bin
  • libgirepository-2.0-0
  • libgirepository-2.0-dev
  • libglib2.0-0t64 (2 bugs: 0, 1, 1, 0)
  • libglib2.0-bin (9 bugs: 0, 8, 1, 0)
  • libglib2.0-data (1 bugs: 0, 0, 1, 0)
  • libglib2.0-dev (5 bugs: 0, 3, 2, 0)
  • libglib2.0-dev-bin
  • libglib2.0-doc (3 bugs: 0, 2, 1, 0)
  • libglib2.0-tests
  • libglib2.0-udeb
action needed
7 security issues in trixie high

There are 7 open security issues in trixie.

7 important issues:
  • CVE-2026-58010: A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.
  • CVE-2026-58011: A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service.
  • CVE-2026-58012: A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.
  • CVE-2026-58013: A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.
  • CVE-2026-58014: A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.
  • CVE-2026-58015: A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.
  • CVE-2026-58016: A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.
Created: 2026-07-01 Last update: 2026-07-01 07:02
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2026-58016: A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.
Created: 2026-07-01 Last update: 2026-07-01 07:02
1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:
  • CVE-2026-58016: A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.
Created: 2026-07-01 Last update: 2026-07-01 07:02
7 security issues in bullseye high

There are 7 open security issues in bullseye.

7 important issues:
  • CVE-2026-58010: A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.
  • CVE-2026-58011: A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service.
  • CVE-2026-58012: A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.
  • CVE-2026-58013: A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.
  • CVE-2026-58014: A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.
  • CVE-2026-58015: A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.
  • CVE-2026-58016: A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.
Created: 2026-07-01 Last update: 2026-07-01 07:02
7 security issues in bookworm high

There are 7 open security issues in bookworm.

7 important issues:
  • CVE-2026-58010: A flaw was found in GLib. An off-by-one error can occur in the gvs_tuple_is_normal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses > instead of >=, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information disclosure of 1 byte and a denial of service when the out-of-bounds read crosses a page boundary.
  • CVE-2026-58011: A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the g_date_time_get_ymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the g_date_time_add_full function is processed. This flaw can corrupt the date output and potentially cause logic errors that may lead to a denial of service.
  • CVE-2026-58012: A flaw was found in GLib. A buffer over-read can occur in the g_regex_replace function when used with the `G_REGEX_RAW` compile flag and case-change replacement escapes because the string_append function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the string is treated as raw bytes. This vulnerability can cause a minor information disclosure of 1-5 bytes and a denial of service when the buffer over-read crosses a page boundary.
  • CVE-2026-58013: A flaw was found in GLib. A buffer over-read can occur in g_io_channel_read_line_backend() in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes or a denial of service when the buffer over-read crosses a page boundary.
  • CVE-2026-58014: A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundary.
  • CVE-2026-58015: A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookie_context parameter received from the server. A malicious D-Bus server can supply a cookie_context containing path traversal sequences, causing the client to read an arbitrary file and exfiltrate sensitive data by verifying guessed file contents against a generated hash.
  • CVE-2026-58016: A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a <node> element nested within other elements like <method>, <signal>, <property> or <arg>. This issue can cause an unsigned integer overflow and lead to an out-of-bounds read, resulting in a denial of service.
Created: 2026-07-01 Last update: 2026-07-01 07:02
Depends on packages which need a new maintainer normal
The packages that glib2.0 depends on which need a new maintainer are:
  • docbook-xsl (#802370)
    • Build-Depends: docbook-xsl
Created: 2023-09-01 Last update: 2026-07-01 07:02
lintian reports 8 warnings normal
Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2026-06-26 Last update: 2026-06-26 11:00
debian/patches: 8 patches to forward upstream low

Among the 17 debian patches available in version 2.88.2-1 of the package, we noticed the following issues:

  • 8 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2026-06-26 11:01
Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2026-01-01 Last update: 2026-03-17 10:00
news
[rss feed]
  • [2026-06-28] glib2.0 2.88.2-1 MIGRATED to testing (Debian testing watch)
  • [2026-06-25] Accepted glib2.0 2.88.2-1 (source) into unstable (Simon McVittie)
  • [2026-05-18] glib2.0 2.88.1-2 MIGRATED to testing (Debian testing watch)
  • [2026-05-04] Accepted glib2.0 2.88.1-2 (source) into unstable (Jeremy Bícha)
  • [2026-04-08] Accepted glib2.0 2.74.6-2+deb12u9 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Andreas Henriksson)
  • [2026-04-08] Accepted glib2.0 2.84.4-3~deb13u3 (source) into proposed-updates (Debian FTP Masters) (signed by: Andreas Henriksson)
  • [2026-03-22] glib2.0 2.88.0-1 MIGRATED to testing (Debian testing watch)
  • [2026-03-16] Accepted glib2.0 2.88.0-1 (source) into unstable (Simon McVittie)
  • [2026-03-13] Accepted glib2.0 2.87.5-1 (source) into experimental (Simon McVittie)
  • [2026-02-26] Accepted glib2.0 2.87.3-1 (source) into experimental (Marco Trevisan (Treviño)) (signed by: Marco Trevisan)
  • [2026-02-26] Accepted glib2.0 2.87.3~gitlab0-1 (source) into experimental (Marco Trevisan (Treviño)) (signed by: Marco Trevisan)
  • [2026-02-23] Accepted glib2.0 2.66.8-1+deb11u8 (source) into oldoldstable-security (Andreas Henriksson)
  • [2026-02-14] glib2.0 2.87.2-3 MIGRATED to testing (Debian testing watch)
  • [2026-02-07] Accepted glib2.0 2.87.2-3 (source) into unstable (Jeremy Bícha)
  • [2026-01-31] glib2.0 2.86.3-5 MIGRATED to testing (Debian testing watch)
  • [2026-01-29] Accepted glib2.0 2.87.2-2 (source) into experimental (Simon McVittie)
  • [2026-01-28] Accepted glib2.0 2.86.3-5 (source) into unstable (Simon McVittie)
  • [2026-01-23] Accepted glib2.0 2.87.2-1 (source) into experimental (Jeremy Bícha)
  • [2026-01-10] glib2.0 2.86.3-4 MIGRATED to testing (Debian testing watch)
  • [2026-01-05] Accepted glib2.0 2.87.1-1 (source) into experimental (Jeremy Bícha)
  • [2026-01-01] Accepted glib2.0 2.86.3-4 (source) into unstable (Jeremy Bícha)
  • [2025-12-31] Accepted glib2.0 2.86.3-3 (source) into unstable (Jeremy Bícha)
  • [2025-12-31] Accepted glib2.0 2.86.3-2 (source) into unstable (Jeremy Bícha)
  • [2025-12-26] Accepted glib2.0 2.74.6-2+deb12u8 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Emilio Pozuelo Monfort)
  • [2025-12-21] Accepted glib2.0 2.84.4-3~deb13u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Simon McVittie)
  • [2025-12-17] glib2.0 2.86.3-1 MIGRATED to testing (Debian testing watch)
  • [2025-12-16] Accepted glib2.0 2.66.8-1+deb11u7 (source) into oldoldstable-security (Emilio Pozuelo Monfort)
  • [2025-12-09] Accepted glib2.0 2.86.3-1 (source) into unstable (Simon McVittie)
  • [2025-11-24] glib2.0 2.86.2-1 MIGRATED to testing (Debian testing watch)
  • [2025-11-19] Accepted glib2.0 2.86.2-1 (source) into unstable (Simon McVittie)
  • 1
  • 2
bugs [bug history graph]
  • all: 65 68
  • RC: 0
  • I&N: 51 53
  • M&W: 14 15
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 8)
  • buildd: logs, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • l10n (-, 76)
  • debian patches
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 2.88.1-2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing