glib2.0 - Debian Package Tracker

general

source: glib2.0 (main)
version: 2.86.3-1
maintainer: Debian GNOME Maintainers (archive) (DMD)
uploaders: Simon McVittie [DMD] – Marco Trevisan (Treviño) [DMD] – Jeremy Bícha [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.66.8-1+deb11u4
o-o-sec: 2.66.8-1+deb11u7
oldstable: 2.74.6-2+deb12u7
old-sec: 2.74.6-2+deb12u2
stable: 2.84.4-3~deb13u1
testing: 2.86.3-1
unstable: 2.86.3-1

versioned links

2.66.8-1+deb11u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.66.8-1+deb11u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.74.6-2+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.74.6-2+deb12u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.78.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.78.4-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.84.4-3~deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.86.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-girepository-3.0
gir1.2-girepository-3.0-dev
gir1.2-glib-2.0
gir1.2-glib-2.0-dev
girepository-tools
libgio-2.0-dev
libgio-2.0-dev-bin
libgirepository-2.0-0
libgirepository-2.0-dev
libglib2.0-0t64 (2 bugs: 0, 1, 1, 0)
libglib2.0-bin (9 bugs: 0, 8, 1, 0)
libglib2.0-data (1 bugs: 0, 0, 1, 0)
libglib2.0-dev (5 bugs: 0, 3, 2, 0)
libglib2.0-dev-bin
libglib2.0-doc (3 bugs: 0, 2, 1, 0)
libglib2.0-tests
libglib2.0-udeb

action needed

Depends on packages which need a new maintainer normal

The packages that glib2.0 depends on which need a new maintainer are:

docbook-xml (#802368)
- Build-Depends: docbook-xml
docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2023-09-01 Last update: 2025-12-18 08:33

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.86.3-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 4759fb395d14f1f263e9774e276ee1aff5f59adc
Author: Simon McVittie <smcv@debian.org>
Date:   Thu Dec 11 10:52:10 2025 +0000

    Mention CVE-2025-14512 in previous changelog entry now that it has been allocated

commit 27fc5678f3f08a1db4477240b32b6c7b11a41c47
Author: Simon McVittie <smcv@debian.org>
Date:   Wed Dec 10 12:06:01 2025 +0000

    Mention #1122346, #1122347 in previous changelog entry

Created: 2025-12-10 Last update: 2025-12-13 00:03

lintian reports 8 warnings normal

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-11-20 Last update: 2025-11-20 06:31

3 low-priority security issues in trixie low

There are 3 open security issues in trixie.

3 issues left for the package maintainer to handle:

CVE-2025-13601: (needs triaging) A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
CVE-2025-14087: (needs triaging) A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
CVE-2025-14512: (needs triaging) A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-12-15 Last update: 2025-12-16 16:30

debian/patches: 8 patches to forward upstream low

Among the 17 debian patches available in version 2.86.3-1 of the package, we noticed the following issues:

8 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-12-10 07:01

news

[rss feed]

[2025-12-17] glib2.0 2.86.3-1 MIGRATED to testing (Debian testing watch)
[2025-12-16] Accepted glib2.0 2.66.8-1+deb11u7 (source) into oldoldstable-security (Emilio Pozuelo Monfort)
[2025-12-09] Accepted glib2.0 2.86.3-1 (source) into unstable (Simon McVittie)
[2025-11-24] glib2.0 2.86.2-1 MIGRATED to testing (Debian testing watch)
[2025-11-19] Accepted glib2.0 2.86.2-1 (source) into unstable (Simon McVittie)
[2025-11-15] glib2.0 2.86.1-2 MIGRATED to testing (Debian testing watch)
[2025-11-03] Accepted glib2.0 2.86.1-2 (source) into unstable (Simon McVittie)
[2025-10-24] glib2.0 2.86.1-1 MIGRATED to testing (Debian testing watch)
[2025-10-21] Accepted glib2.0 2.86.1-1 (source) into unstable (Simon McVittie)
[2025-10-21] Accepted glib2.0 2.86.0-7 (source) into unstable (Simon McVittie)
[2025-10-19] glib2.0 2.86.0-5 MIGRATED to testing (Debian testing watch)
[2025-10-14] Accepted glib2.0 2.86.0-6 (source) into experimental (Simon McVittie)
[2025-10-13] Accepted glib2.0 2.86.0-5 (source) into unstable (Simon McVittie)
[2025-09-19] Accepted glib2.0 2.86.0-4 (source) into experimental (Simon McVittie)
[2025-09-18] Accepted glib2.0 2.86.0-3 (source) into experimental (Simon McVittie)
[2025-09-12] Accepted glib2.0 2.86.0-2 (source) into experimental (Marco Trevisan (Treviño)) (signed by: Marco Trevisan)
[2025-09-11] Accepted glib2.0 2.86.0-1 (source) into experimental (Marco Trevisan (Treviño)) (signed by: Marco Trevisan)
[2025-08-30] Accepted glib2.0 2.74.6-2+deb12u7 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Simon McVittie)
[2025-08-24] Accepted glib2.0 2.84.4-3~deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Simon McVittie)
[2025-08-22] Accepted glib2.0 2.85.4-1 (source) into experimental (Simon McVittie)
[2025-08-21] glib2.0 2.84.4-3 MIGRATED to testing (Debian testing watch)
[2025-08-18] Accepted glib2.0 2.85.3-1 (source) into experimental (Simon McVittie)
[2025-08-17] Accepted glib2.0 2.84.4-3 (source) into unstable (Simon McVittie)
[2025-08-12] Accepted glib2.0 2.84.4-2 (source) into unstable (Simon McVittie)
[2025-08-09] Accepted glib2.0 2.84.4-1 (source) into unstable (Simon McVittie)
[2025-07-30] Accepted glib2.0 2.85.2-2 (source) into experimental (Alessandro Astone) (signed by: Jeremy Bicha)
[2025-07-09] Accepted glib2.0 2.85.1-2 (source) into experimental (Alessandro Astone) (signed by: Jeremy Bicha)
[2025-07-03] Accepted glib2.0 2.85.1-1 (source) into experimental (Jeremy Bícha) (signed by: Jeremy Bicha)
[2025-06-23] glib2.0 2.84.3-1 MIGRATED to testing (Debian testing watch)
[2025-06-15] Accepted glib2.0 2.84.3-1 (source) into unstable (Simon McVittie)

bugs [bug history graph]

all: 67 70
RC: 0
I&N: 53 55
M&W: 14 15
F&P: 0
patch: 0

links

homepage
lintian (0, 8)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (-, 75)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.86.2-1
153 bugs (4 patches)