Bug#1107843: unblock: glib2.0/2.84.3-1
Simon McVittie
smcv at debian.org
Sun Jun 15 16:04:09 BST 2025
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: glib2.0 at packages.debian.org
Control: affects -1 + src:glib2.0
User: release.debian.org at packages.debian.org
Usertags: unblock

Please unblock package glib2.0

[ Reason ]
Fix CVE-2025-6052

[ Impact ]
If not accepted, automated vulnerability scanners will warn about an
unfixed vulnerability, and there could conceivably be a program in which
an attacker can trigger a buffer overflow (although it seems unlikely;
the failure scenario is rather contrived, and involves using up the entire
address space for text strings).

I took the opportunity to fix a minor documentation bug (outdated
Homepage field).

[ Tests ]
The automated test suite is fairly comprehensive and still passes (at
build-time and as an autopkgtest). There is no coverage for
CVE-2025-6052, because it would have to involve allocating multiple
gigabytes of memory even on 32-bit.

My GNOME desktop still operates normally.

[ Risks ]
Key package in most (all?) of our desktop environments, but the changes
are very narrowly targeted.

[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing

unblock glib2.0/2.84.3-1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: glib2.0.diff
Type: text/x-diff
Size: 3538 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20250615/c04d96ca/attachment.diff>