Package "libglib2.0-data"
Name: |
libglib2.0-data
|
Description: |
Common files for GLib library
|
Latest version: |
2.64.6-1~ubuntu20.04.6 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
main |
Head package: |
glib2.0 |
Homepage: |
http://www.gtk.org/ |
Links
Download "libglib2.0-data"
Other versions of "libglib2.0-data" in Focal
Changelog
glib2.0 (2.64.6-1~ubuntu20.04.6) focal-security; urgency=medium
* SECURITY UPDATE: multiple GVariant security issues
- debian/patches/gvariant-security-*.patch: backported upstream fixes
for GVariant normalization issues.
- CVE-2023-24593, CVE-2023-29499, CVE-2023-25180, CVE-2023-32611,
CVE-2023-32636, CVE-2023-32643, CVE-2023-32665
-- Marc Deslauriers <email address hidden> Thu, 08 Jun 2023 10:20:31 -0400
|
Source diff to previous version |
CVE-2023-29499 |
GVariant offset table entry size is not checked in is_normal() |
CVE-2023-32611 |
g_variant_byteswap() can take a long time with some non-normal inputs |
CVE-2023-32665 |
GVariant deserialisation does not match spec for non-normal data |
|
glib2.0 (2.64.6-1~ubuntu20.04.4) focal; urgency=medium
* Initialise memory used for file builder buffers to zero, since memory
artifacts found themseleves into gschema.compiled files, leading to glib
being unable to parse the gschema.compiled files, causing gdm, gnome-shell
and various gnome applications to fail to
start. (LP: #1930359)
- d/p/gvdb-builder-Initialise-some-memory-to-zero-in-the-bloom-.patch
-- Matthew Ruffell <email address hidden> Mon, 12 Jul 2021 15:56:16 +0100
|
Source diff to previous version |
1930359 |
glib2.0: Uninitialised memory is written to gschema.compiled, failure to parse this file leads to gdm, gnome-shell failing to start |
|
glib2.0 (2.64.6-1~ubuntu20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: incorrect g_file_replace() symlink handling
- debian/patches/CVE-2021-28153-1.patch: fix a typo in a comment in
gio/glocalfileoutputstream.c.
- debian/patches/CVE-2021-28153-2.patch: stop using g_test_bug_base()
in file tests in gio/tests/file.c.
- debian/patches/CVE-2021-28153-3.patch: factor out a flag check in
gio/glocalfileoutputstream.c.
- debian/patches/CVE-2021-28153-4.patch: fix CREATE_REPLACE_DESTINATION
with symlinks in gio/glocalfileoutputstream.c, gio/tests/file.c.
- debian/patches/CVE-2021-28153-5.patch: add a missing O_CLOEXEC flag
to replace() in gio/glocalfileoutputstream.c.
- CVE-2021-28153
-- Marc Deslauriers <email address hidden> Fri, 12 Mar 2021 11:38:38 -0500
|
Source diff to previous version |
CVE-2021-28153 |
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a |
|
glib2.0 (2.64.6-1~ubuntu20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: g_byte_array_new_take length truncation
- debian/patches/CVE-2021-2721x/CVE-2021-27218.patch: do not accept too
large byte arrays in glib/garray.c, glib/gbytes.c,
glib/tests/bytes.c.
- CVE-2021-27218
* SECURITY UPDATE: integer overflow in g_bytes_new
- debian/patches/CVE-2021-2721x/CVE-2021-27219*.patch: add internal
g_memdup2() function and use it instead of g_memdup() in a bunch of
places.
- CVE-2021-27219
-- Marc Deslauriers <email address hidden> Tue, 02 Mar 2021 12:28:09 -0500
|
Source diff to previous version |
CVE-2021-27218 |
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a |
CVE-2021-27219 |
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms du |
|
glib2.0 (2.64.6-1~ubuntu20.04.1) focal; urgency=medium
[ Iain Lane ]
* New upstream release (LP: #1907433), fixing bugs:
- Ensure g_subprocess_communicate_async() never blocks
- Fix large writes in gfileutils
- Fix splice behavior on cancellation
- gdatetime: Avoid integer overflow creating dates too far in the past
- gdesktopappinfo: Fix unnecessarily copied and leaked URI list
- gthreadedresolver: faulty logic in parse_res_txt
- gtk3/glib crash on gimp
- gvariant: Ensure GVS.depth is initialised
- trash portal: Handle portal failures
* gbp.conf: Set upstream branch to upstream/2.64.x
* Drop patches applied upstream:
- glib-compile-resources-Fix-exporting-on-Visual-Studio.patch
- gdesktopappinfo-Fix-unnecessarily-copied-and-leaked-URI-l.patch
* Revert changes from Debian which we don't need in this SRU:
+ Revert "d/tests/build: Don't exercise static linking for GIO"
+ control{,.in}: Re-lower libmount BD version.
The problems that prompted this to be raised happened post-focal.
-- Iain Lane <email address hidden> Wed, 09 Dec 2020 11:23:14 +0000
|
1907433 |
[SRU] New stable release 2.64.6 |
|
About
-
Send Feedback to @ubuntu_updates