glib2.0_2.74.6-2+deb12u1_source.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue May 7 21:43:38 BST 2024
Thank you for your contribution to Debian.
Mapping stable-security to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 7 May 2024 14:39:03 BST
Source: glib2.0
Architecture: source
Version: 2.74.6-2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Changes:
glib2.0 (2.74.6-2+deb12u1) bookworm-security; urgency=high
.
* d/patches: Backport GDBus fixes from 2.80.1
- If local users send signals on the D-Bus system bus that spoof a
trusted sender, do not deliver them to signal subscriptions for the
trusted sender's well-known bus name (CVE-2024-34397)
- Fix a use-after-free when subscribing to signals with an arg0
match rule, originally from 2.79.0 and necessary to make the test
for CVE-2024-34397 pass reliably
- Add a local backport of g_set_str(), required by the above
- Add proposed fix for a race condition that can cause a unit test
to regress after the above
* d/gbp.conf, d/control.in: Use debian/bookworm branch for Debian 12
Checksums-Sha256:
c284203bffd0010727d9c315d084cc2f61077ad3b7d14fc5355092fe26e294b5 3604 glib2.0_2.74.6-2+deb12u1.dsc
b1b465830420dd146e9b6974902f241c5eba3e33f1b18fcb6155d805a14023c0 138472 glib2.0_2.74.6-2+deb12u1.debian.tar.xz
7314e932c197018be104874313e83903565c7ac06f11fd5bc9780067a5b5b5c4 7362 glib2.0_2.74.6-2+deb12u1_source.buildinfo
dabcaff9298aa111a94e580561d2f29371f3e61b356c925ec5e0792df2b11ff2 267596 glib2.0_2.74.6.orig-unicode-data.tar.xz
069cf7e51cd261eb163aaf06c8d1754c6835f31252180aff5814e5afc7757fbc 5217312 glib2.0_2.74.6.orig.tar.xz
Checksums-Sha1:
da082cb96abb74e92c28a1f96f00b58ab0e9788d 3604 glib2.0_2.74.6-2+deb12u1.dsc
087b22bbc57ea7fa2165afa33bc3b112842f64d1 138472 glib2.0_2.74.6-2+deb12u1.debian.tar.xz
aed2dadb4dc6884bcf3e09a4b43250d31017c6a1 7362 glib2.0_2.74.6-2+deb12u1_source.buildinfo
ed894bc4a82445f4f7b867a9da045f35d4b16b34 267596 glib2.0_2.74.6.orig-unicode-data.tar.xz
c924652ae8526754e765bbe9cc6ffe6885a7fedf 5217312 glib2.0_2.74.6.orig.tar.xz
Files:
5de2f7d091bcdfd68a4a86009ca0e12f 3604 libs optional glib2.0_2.74.6-2+deb12u1.dsc
37e1453d48f043915a74d7742fa27ee0 138472 libs optional glib2.0_2.74.6-2+deb12u1.debian.tar.xz
2f6a38283c653e6e2aa396bb445b93d6 7362 libs optional glib2.0_2.74.6-2+deb12u1_source.buildinfo
b04bd93cfba7c4035f152578abe28c32 267596 libs optional glib2.0_2.74.6.orig-unicode-data.tar.xz
38f81d4a06c03e667b1f4d73cb803da8 5217312 libs optional glib2.0_2.74.6.orig.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmY6MfAACgkQ4FrhR4+B
TE+cSg/+NmweREwHFiqTZx26YRKsQHLvsI3JQyt/WqxXoyMCSvLsI1nOEgsFxBIS
hxqD26QtYajM4GNe/QpE/F9P1baTsYaCryIAqK1RSl2h0O7tVxfOVg44tIBeLOIS
HOow6YoJlw3d1QQyVqmxdcWd7BLIxLeqrdKxtQDoRWYZcqBgByfIT+Hyqv+3YE+k
fxLY16otugDpRGq9/XNn0QFA6yPtPBRRCznvRUA8xkqvTcZOit5/0hdu/dlAb8Cm
fSIlSQ8nZbCp559rNDhlKwYNCyHmEA8vDizuBxt3oKA+hfLKOEDc2rVdyxeWT+ms
xJ8wGlFHzhVjuSqMPeLdIdExKxf2Nlhtaa3mqGYtkRSmxLFpLycHbFHOxww39EzU
4ZZw5nZqNk0aY81jMqIg50wNMUQZ1ae6Ia8QJjtYWQDyEpjBeEoQ0J4OmprTDPU5
5JME1sGA1mcMsFIxrplEVbofELZTvLiVCKS2a4C741th8bNWZM0u20aklJNZNx9G
fgHkjt4cVimahvepGYo+80bNpnm8Ms9kxoWc1op0JSOs/D8Tjr+vC43ZdHP4vZYT
0Qgm4nyhBi8JoWlmvQwPp/+RcZ+CVJZ7r/sc1yopiXS2vfrhG3D84N6MmcYTbAMu
PMvOFylNcPjC95JnOC0FPAf7eWvbSiGQNtNS3w/lc1j2CgSVbX0=
=Y1wZ
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20240507/366b34d4/attachment.sig>
More information about the pkg-gnome-maintainers
mailing list