Bug#924344: glib2.0: CVE-2019-9633

Philip Withnall philip at tecnocode.co.uk
Wed Apr 3 13:18:36 BST 2019


On Wed, 2019-04-03 at 13:00 +0100, Simon McVittie wrote:
> On Fri, 29 Mar 2019 at 20:13:17 +0100, Moritz Mühlenhoff wrote:
> > On Mon, Mar 11, 2019 at 09:32:02PM +0100, Salvatore Bonaccorso wrote:
> > > Version: 2.58.3-1
> 
> Do we know for sure that 2.58.x is vulnerable? I've tried the reproducer
> from the upstream bug and didn't see criticals or a crash.
> 
> > > Forwarded: https://gitlab.gnome.org/GNOME/glib/issues/1649
> 
> This bug says "Another likely regression from Happy Eyeballs". GLib's
> implementation of RFC 8305 "Happy Eyeballs" is a new feature (or new
> optimization, depending how you look at it) in 2.59.x/2.60.x.

Yeah, this bug should be present in 2.59.x where (x < 2). It was fixed
by commit d553d92d6e9f53cbe5a34166fcb919ba652c6a8e, which is present in
2.59.2 onwards. The bug was not present in 2.58.x.

I’ve left a comment about it here:
https://gitlab.gnome.org/GNOME/glib/issues/1649#note_481826

Philip