Bug#1107797: glib2.0: CVE-2025-6052
Simon McVittie
smcv at debian.org
Sun Jun 15 12:16:40 BST 2025
On Sun, 15 Jun 2025 at 08:16:20 +0200, Salvatore Bonaccorso wrote:
>On Sat, Jun 14, 2025 at 11:15:00PM +0100, Simon McVittie wrote:
>> On Sat, 14 Jun 2025 at 22:51:55 +0200, Salvatore Bonaccorso wrote:
>> > [1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4655
>>
>> I don't think this is plausibly attacker-triggerable [...]
>
>Thanks for the analysis. Yes agreed, then we do not need for trixie
>already unless you plan anyway another update. Otherwise let's first
>land in forky later.
There's a new upstream release with this as its only change, and if we
integrate that now it'll make the next security or bugfix update easier,
and I'm doing freeze exception requests for other GNOME packages anyway,
so I might as well upload it; but I wanted to point out that the
practical impact is more like "silence security-vulnerability scanners"
than fixing an actual vulnerability, so that we don't get the wrong
idea about its priority.
smcv
More information about the pkg-gnome-maintainers
mailing list