glib2.0_2.84.4-3~deb13u2_source.changes ACCEPTED into proposed-updates->stable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Fri Dec 12 21:49:22 GMT 2025 

Thank you for your contribution to Debian.

Mapping trixie to stable.
Mapping stable to proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 12 Dec 2025 18:43:13 +0000
Source: glib2.0
Architecture: source
Version: 2.84.4-3~deb13u2
Distribution: trixie
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv at debian.org>
Closes: 1121488 1122346 1122347
Changes:
 glib2.0 (2.84.4-3~deb13u2) trixie; urgency=medium
 .
   * d/patches: Add patches from 2.86.3 upstream to avoid integer overflows
     - d/p/gconvert-Error-out-if-g_escape_uri_string-would-overflow.patch,
       d/p/fuzzing-Add-fuzz-tests-for-g_filename_-to-from-_uri.patch:
       Fix an integer overflow when interpolating hundreds of megabytes of
       unescaped text into a URI, and add test coverage
       (CVE-2025-13601, glib#3827 upstream, Closes: #1121488)
     - d/p/gvariant-parser-Fix-potential-integer-overflow-parsing-by.patch:
       Fix an integer overflow when parsing very large strings in GVariant
       text format (CVE-2025-14087, glib#3834 upstream, Closes: #1122347)
     - d/p/gvariant-parser-Use-size_t-to-count-numbers-of-child-elem.patch,
       d/p/gvariant-parser-Convert-error-handling-code-to-use-size_t.patch:
       Fix other potential integer overflows parsing very large container
       types in GVariant text format, related to CVE-2025-14087
     - d/p/gfileattribute-Fix-integer-overflow-calculating-escaping-.patch:
       Fix an integer overflow when escaping invalid characters in very
       large file attributes
       (CVE-2025-14512, glib#3845 upstream, Closes: #1122346)
Checksums-Sha1:
 352632dbd57965138cc612e4a5369997410d7b6c 5004 glib2.0_2.84.4-3~deb13u2.dsc
 80a867d4c954c5b1fb074673926e89950d22e04d 147008 glib2.0_2.84.4-3~deb13u2.debian.tar.xz
 59a4c0d8d9259083e5b7306bd920c2b3a289629d 7656 glib2.0_2.84.4-3~deb13u2_source.buildinfo
Checksums-Sha256:
 11f6bc2e601e6f682cda7b9e9473573625de6d5bca840fd9167c8753b95deade 5004 glib2.0_2.84.4-3~deb13u2.dsc
 61a886d74a2a77179bea9b89bad4e7eec421c3a553add55ec7ddd0bb1e1eefec 147008 glib2.0_2.84.4-3~deb13u2.debian.tar.xz
 6f7fc6e83801a4bddb79fcef6165ad833b98eee9de8c3a4919e39934573e4acc 7656 glib2.0_2.84.4-3~deb13u2_source.buildinfo
Files:
 1440ec360a9fa85c47d28a4bc9b4e8f0 5004 libs optional glib2.0_2.84.4-3~deb13u2.dsc
 6548f0874c6c78def9772ce5ed561168 147008 libs optional glib2.0_2.84.4-3~deb13u2.debian.tar.xz
 0dcc3f50320457328878628f543ee4d2 7656 libs optional glib2.0_2.84.4-3~deb13u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEegc60a5pT6Jb/2LlI1wJnT6zMHYFAmk8jPgACgkQI1wJnT6z
MHbV/A/8Ck9ZRg7a/X5adD/Bt6vQ8FbHBaTuw4Hmb1r3wecDKGRAj/Aa7+goZgxh
pgzaa0P9dDYC2pKxMWRv8YZ5OoFrlVfwUOunbh1736Y0F2pTSB2aKKFEt4rNM+Bs
hl2vJ7LMdsDVaMaBC9X6Lj6uy1fR+DcyGaunDGMBQfEIAvHewgSAw17/p/HNMZgp
VnA7o3oJXXphTVeYYN65XScj2sQsyGDRLfjVAVs4QrIGee3mniIMf4VkU32HAXeK
zSQruFIcYfX5XFvnt88CK+XWnGGNew53OtTFnj/hGKyZejnS9+8rKVuFcnkQnqTO
bzeMV7A/xVXBT7njUGB1a8c6weJzZtuaxlOPw0eigNhxr2rGComIw7uV1ZdELCJK
RIy97dq9bOFz0lupRgS31z8gTLD+3ENjgMecHPd5ZGG5xI0STSB9rDxL+1kWHABS
+X4ECg4jfQEXWeAujmWIpGbTZ3pRhRq2ybbRBJ13Sc05IJiM6QnOQwhDOHamNuMy
AOWYKwP92CCUHD1oKmfnqeodFNpPxWw8qAbgW93r6BEy1757scqHq3dn0Gj8pNgS
fp15Hzn02FAw09Qx2k63dvCr8k3RV+YtFGmYVYfxeuQok/TNI7YnKE1PHP1W88ei
DjKx8Eq3mFiVNM/Wn+UgkBRErdhb9Dk31/OXmcrTQ0r0OQR+Swc=
=YrG1
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20251212/f32aea7e/attachment.sig>

More information about the pkg-gnome-maintainers mailing list