glib2.0_2.74.6-2+deb12u7_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sat Aug 30 20:04:49 BST 2025


Thank you for your contribution to Debian.

Mapping bookworm to oldstable.
Mapping oldstable to oldstable-proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 18 Aug 2025 09:27:51 +0100
Source: glib2.0
Architecture: source
Version: 2.74.6-2+deb12u7
Distribution: bookworm
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Closes: 1065022 1104930 1110640 1110696
Changes:
 glib2.0 (2.74.6-2+deb12u7) bookworm; urgency=medium
 .
   * d/p/gstring-carefully-handle-gssize-parameters.patch,
     d/p/gstring-Make-len_unsigned-unsigned.patch:
     Add patches from upstream to fix a buffer underflow in GString.
     This could cause a memory overwrite if a program handles extremely large
     text strings of an attacker-controlled length. The required string length
     would be close to 2 GiB on 32-bit and the bug is not believed to be
     practically feasible to exploit on 64-bit. (CVE-2025-4373)
     (Closes: #1104930)
   * d/p/glib-gfileutils.c-use-64-bits-for-value-in-get_tmp_file.patch,
     d/p/gfileutils-fix-computation-of-temporary-file-name.patch:
     Add patches from upstream to fix a buffer underflow in get_tmp_file().
     This is used in g_mkstemp(), g_mkdtemp() and similar functions, and
     could cause a crash or possibly arbitrary file overwrites (believed to
     be unlikely to be exploitable in practice) if a long-running program
     creates more than 2 billion temporary files. (CVE-2025-7039)
     (Closes: #1110640)
   * d/libglib2.0-0.postrm.in:
     Rewrite postrm for safer upgrade behaviour, based on the version
     in unstable and proposed for inclusion in trixie:
     - Only remove giomodule.cache during purge, not during remove.
       This matches the behaviour of gschemas.compiled and avoids a window
       between old-postrm and new-postinst during which giomodule.cache is
       missing, breaking applications that need GIO modules.
     - Don't remove gschemas.compiled or giomodule.cache during purge
       if there is evidence that they might still be needed
       (Closes: #1065022, #1110696):
       + don't remove them if ${libdir}/glib-2.0 still exists, for example
         provided by libglib2.0-0t64 after upgrading to trixie;
       + don't remove gschemas.compiled if at least one GSettings schema
         still exists;
       + don't remove giomodule.cache if at least one GIO module still exists
     - Refactoring to support the above
   * d/tests/1065022-futureproofing:
     Add a test for #1065022, modified from the version in unstable and
     proposed for inclusion in trixie

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
