Package "glib2.0"

Name: glib2.0


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GLib library of C routines
  • Programs for the GLib library
  • Common files for GLib library
  • Development files for the GLib library

Latest version: 2.66.1-2ubuntu0.2
Release: groovy (20.10)
Level: updates
Repository: main


Other versions of "glib2.0" in Groovy

Repository Area Version
base universe 2.66.1-2
base main 2.66.1-2
security main 2.66.1-2ubuntu0.2
security universe 2.66.1-2ubuntu0.2
updates universe 2.66.1-2ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Version: 2.66.1-2ubuntu0.2 2021-03-15 20:06:26 UTC

  glib2.0 (2.66.1-2ubuntu0.2) groovy-security; urgency=medium

  * SECURITY UPDATE: incorrect g_file_replace() symlink handling
    - debian/patches/CVE-2021-28153-1.patch: fix a typo in a comment in
    - debian/patches/CVE-2021-28153-2.patch: stop using g_test_bug_base()
      in file tests in gio/tests/file.c.
    - debian/patches/CVE-2021-28153-3.patch: factor out a flag check in
    - debian/patches/CVE-2021-28153-4.patch: fix CREATE_REPLACE_DESTINATION
      with symlinks in gio/glocalfileoutputstream.c, gio/tests/file.c.
    - debian/patches/CVE-2021-28153-5.patch: add a missing O_CLOEXEC flag
      to replace() in gio/glocalfileoutputstream.c.
    - CVE-2021-28153

 -- Marc Deslauriers <email address hidden> Fri, 12 Mar 2021 11:19:01 -0500

Source diff to previous version
CVE-2021-28153 An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a

Version: 2.66.1-2ubuntu0.1 2021-03-08 20:07:36 UTC

  glib2.0 (2.66.1-2ubuntu0.1) groovy-security; urgency=medium

  * SECURITY UPDATE: g_byte_array_new_take length truncation
    - debian/patches/CVE-2021-2721x/CVE-2021-27218.patch: do not accept too
      large byte arrays in glib/garray.c, glib/gbytes.c,
    - CVE-2021-27218
  * SECURITY UPDATE: integer overflow in g_bytes_new
    - debian/patches/CVE-2021-2721x/CVE-2021-27219*.patch: add internal
      g_memdup2() function and use it instead of g_memdup() in a bunch of
    - CVE-2021-27219

 -- Marc Deslauriers <email address hidden> Tue, 02 Mar 2021 11:30:03 -0500

CVE-2021-27218 An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a
CVE-2021-27219 An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms du

About   -   Send Feedback to @ubuntu_updates