Bug#982779: libglib2.0-0: Integer overflow in g_byte_array_new_take()/g_bytes_unref_to_array() on 64-bit platforms

Simon McVittie smcv at debian.org
Sun Feb 14 11:42:04 GMT 2021


Package: libglib2.0-0
Version: 2.31.8-1
Severity: important
Tags: security fixed-upstream
Forwarded: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
X-Debbugs-Cc: team at security.debian.org, debian-lts at lists.debian.org
Control: close -1 2.66.7-1

Krzesimir Nowak discovered an integer overflow similar to, but not the
same as, GHSL-2021-045 (see separate bug report) which was fixed in
GLib 2.66.7. Any backports of this fix into older distribution releases
should probably be done at the same time as GHSL-2021-045, but the fixed
version upstream is different, so I've requested a separate CVE ID for it.

    smcv



More information about the pkg-gnome-maintainers mailing list