[Git][security-tracker-team/security-tracker][master] Reserve DLA-4412-1 for glib2.0

Tue Dec 16 10:04:18 GMT 2025


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56b049ca by Emilio Pozuelo Monfort at 2025-12-16T11:04:06+01:00
Reserve DLA-4412-1 for glib2.0

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -44808,7 +44808,6 @@ CVE-2025-7039 (A flaw was found in glib. An integer overflow during temporary fi
 	- glib2.0 2.84.4-1 (bug #1110640)
 	[trixie] - glib2.0 2.84.4-3~deb13u1
 	[bookworm] - glib2.0 2.74.6-2+deb12u7
-	[bullseye] - glib2.0 <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3716
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4674
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/glib/-/commit/61e963284889ddb4544e6f1d5261c16120f6fcc3 (2.85.2)
@@ -73295,7 +73294,6 @@ CVE-2025-4374 (A flaw was found in Quay. When an organization acts as a proxy ca
 CVE-2025-4373 (A flaw was found in GLib, which is vulnerable to an integer overflow i ...)
 	- glib2.0 2.84.1-3 (bug #1104930)
 	[bookworm] - glib2.0 2.74.6-2+deb12u7
-	[bullseye] - glib2.0 <postponed> (Minor issue, fix along with next update)
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3677
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4588
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4592


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Dec 2025] DLA-4412-1 glib2.0 - security update
+	{CVE-2025-4373 CVE-2025-7039 CVE-2025-13601 CVE-2025-14087 CVE-2025-14512}
+	[bullseye] - glib2.0 2.66.8-1+deb11u7
 [16 Dec 2025] DLA-4411-1 libgd2 - security update
 	{CVE-2021-38115 CVE-2021-40145 CVE-2021-40812}
 	[bullseye] - libgd2 2.3.0-2+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -105,10 +105,6 @@ git-lfs
   NOTE: 20251102: Added by Front-Desk (apo)
   NOTE: 20251102: Fix may be partial due to git < 2.42 in bullseye.
 --
-glib2.0 (Emilio)
-  NOTE: 20251129: Added by Front-Desk (rouca)
-  NOTE: 20251215: prepared bookworm-pu, will follow with bullseye next (pochu)
---
 golang-github-gorilla-csrf
   NOTE: 20250422: Added by Front-Desk (rouca)
   NOTE: 20250422: Need to binNMU reverse depends (in that order): golang-github-alecthomas-chroma, golang-github-niklasfasching-go-org, golang-github-yuin-goldmark-highlighting, hugo (rouca)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56b049cafac45cd1aba286ed188aa25b7ae8a56c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56b049cafac45cd1aba286ed188aa25b7ae8a56c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251216/1e40bc38/attachment-0001.htm>
