glib2.0_2.58.3-2+deb10u3_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed Jun 9 23:32:07 BST 2021
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 27 Mar 2021 11:34:13 +0000
Source: glib2.0
Architecture: source
Version: 2.58.3-2+deb10u3
Distribution: buster
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Closes: 982778 982779 984969
Changes:
 glib2.0 (2.58.3-2+deb10u3) buster; urgency=medium
 .
   * d/patches: Resolve integer overflows, including CVE-2021-27219.
     These backported patches resolve an integer overflow that is known to
     be attacker-triggerable for denial of service in polkit (policykit-1),
     as well as replacing other simple uses of g_memdup() with g_memdup2().
     Overflows in most of these places would not be attacker-triggerable,
     but replacing them is simpler than assessing whether they are
     attacker-triggerable.
     The more complicated changes from 2.66.7 have not been backported,
     to avoid regressions in Debian 10; overflows in those locations are
     not believed to be attacker-triggerable. (Closes: #982778)
   * d/patches: Fix integer overflow CVE-2021-27218.
     This is not known to be exploitable in any particular program, but
     might be. (Closes: #982779)
   * d/patches: Fix a symlink attack affecting file-roller, CVE-2021-28153
     (Closes: #984969)
Checksums-Sha1:
6834be0c8c46f125dca5305a9ad1f868de03d907 3444 glib2.0_2.58.3-2+deb10u3.dsc
9a5a3c86c56f7089e544e750c2b11eefb4ef0adc 107124 glib2.0_2.58.3-2+deb10u3.debian.tar.xz
f28083b320e792a51255c20afffb81966923b559 8494 glib2.0_2.58.3-2+deb10u3_source.buildinfo
Checksums-Sha256:
1e016740f39e61ef728f4e2536dc3e3645d37c6dc8369816f8507792563643d8 3444 glib2.0_2.58.3-2+deb10u3.dsc
2749397b93fca317a7f47489390393dedda6ef3c9359488bbd475a698529cf7a 107124 glib2.0_2.58.3-2+deb10u3.debian.tar.xz
792d8cd96c1878701389fd2466e03946e27ff5621d9c80a342d02928c35da55a 8494 glib2.0_2.58.3-2+deb10u3_source.buildinfo
Files:
9650df0bb7ab1351af27a82442afc0f2 3444 libs optional glib2.0_2.58.3-2+deb10u3.dsc
8e295aa26e1c992594b92e900f97fb80 107124 libs optional glib2.0_2.58.3-2+deb10u3.debian.tar.xz
e0595397f5412cd6d9f0086a84054826 8494 libs optional glib2.0_2.58.3-2+deb10u3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.