UbuntuUpdates.org

Package "libglib2.0-dev"

Name: libglib2.0-dev

Description:

Development files for the GLib library

Latest version: 2.56.4-0ubuntu0.18.04.9
Release: bionic (18.04)
Level: updates
Repository: main
Head package: glib2.0
Homepage: http://www.gtk.org/

Links


Download "libglib2.0-dev"


Other versions of "libglib2.0-dev" in Bionic

Repository Area Version
base main 2.56.1-2ubuntu1
security main 2.56.4-0ubuntu0.18.04.9

Changelog

Version: 2.56.4-0ubuntu0.18.04.9 2021-12-13 21:07:19 UTC

  glib2.0 (2.56.4-0ubuntu0.18.04.9) bionic-security; urgency=medium

  * SECURITY UPDATE: Privilege Escalation
    - debian/patches/CVE-2021-3800.patch: Drop a redundant environment
      variable in _g_locale_get_charset_aliases function at
      libcharset/localcharset.c.
    - CVE-2021-3800

 -- Rodrigo Figueiredo Zaiden <email address hidden> Mon, 29 Nov 2021 13:42:57 -0300

Source diff to previous version
CVE-2021-3800 RESERVED

Version: 2.56.4-0ubuntu0.18.04.8 2021-03-15 20:06:22 UTC

  glib2.0 (2.56.4-0ubuntu0.18.04.8) bionic-security; urgency=medium

  * SECURITY UPDATE: incorrect g_file_replace() symlink handling
    - debian/patches/CVE-2021-28153-pre1.patch: allow g_test_bug() to be
      used without g_test_bug_base() in /glib/gtestutils.c.
    - debian/patches/CVE-2021-28153-1.patch: fix a typo in a comment in
      gio/glocalfileoutputstream.c.
    - debian/patches/CVE-2021-28153-2.patch: stop using g_test_bug_base()
      in file tests in gio/tests/file.c.
    - debian/patches/CVE-2021-28153-3.patch: factor out a flag check in
      gio/glocalfileoutputstream.c.
    - debian/patches/CVE-2021-28153-4.patch: fix CREATE_REPLACE_DESTINATION
      with symlinks in gio/glocalfileoutputstream.c, gio/tests/file.c.
    - debian/patches/CVE-2021-28153-5.patch: add a missing O_CLOEXEC flag
      to replace() in gio/glocalfileoutputstream.c.
    - CVE-2021-28153

 -- Marc Deslauriers <email address hidden> Fri, 12 Mar 2021 12:27:31 -0500

Source diff to previous version
CVE-2021-28153 An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a

Version: 2.56.4-0ubuntu0.18.04.7 2021-03-08 20:07:30 UTC

  glib2.0 (2.56.4-0ubuntu0.18.04.7) bionic-security; urgency=medium

  * SECURITY UPDATE: g_byte_array_new_take length truncation
    - debian/patches/CVE-2021-2721x/CVE-2021-27218.patch: do not accept too
      large byte arrays in glib/garray.c, glib/gbytes.c,
      glib/tests/bytes.c.
    - CVE-2021-27218
  * SECURITY UPDATE: integer overflow in g_bytes_new
    - debian/patches/CVE-2021-2721x/CVE-2021-27219*.patch: add internal
      g_memdup2() function and use it instead of g_memdup() in a bunch of
      places.
    - CVE-2021-27219

 -- Marc Deslauriers <email address hidden> Wed, 03 Mar 2021 06:29:59 -0500

Source diff to previous version
CVE-2021-27218 An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a
CVE-2021-27219 An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms du

Version: 2.56.4-0ubuntu0.18.04.6 2020-03-24 09:06:34 UTC

  glib2.0 (2.56.4-0ubuntu0.18.04.6) bionic-security; urgency=medium

  * No-change rebuild for -security

 -- Alex Murray <email address hidden> Tue, 24 Mar 2020 11:27:40 +1030

Source diff to previous version

Version: 2.56.4-0ubuntu0.18.04.5 2020-03-24 01:07:25 UTC

  glib2.0 (2.56.4-0ubuntu0.18.04.5) bionic; urgency=medium

  [ Gunnar Hjalmarsson ]
  * d/p/gcredentialsprivate-Document-the-various-private-macros.patch,
    d/p/credentials-Invalid-Linux-struct-ucred-means-no-informati.patch,
    d/p/GDBus-prefer-getsockopt-style-credentials-passing-APIs.patch:
    - Ensure libdbus clients can authenticate with a GDBusServer like
      the one in ibus. The patches cherry picked from 2.62.2-2 in focal
      in order to allow the ibus fix of CVE-2019-14822 to be re-enabled
      without breaking ibus for Qt applications (LP: #1844853).

  [ Iain Lane ]
  * d/p/Add-a-test-for-GDBusServer-authentication.patch: Additionally backport
    this commit to add a test for the above fixes.
    + BD on libdbus-1-dev so that the above test gets run properly.

 -- Gunnar Hjalmarsson <email address hidden> Thu, 31 Oct 2019 00:16:00 +0100

1844853 IBus no longer works in Qt applications after upgrade
CVE-2019-14822 missing authorization flaw



About   -   Send Feedback to @ubuntu_updates