UbuntuUpdates.org

Package "libglib2.0-dev"

Name: libglib2.0-dev

Description:

Development files for the GLib library
Latest version: 2.72.4-0ubuntu2.8
Release: jammy (22.04)
Level: security
Repository: main
Head package: glib2.0
Homepage: https://wiki.gnome.org/Projects/GLib

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libglib2.0-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libglib2.0-dev" in Jammy

Repository Area Version
base main 2.72.1-1
updates main 2.72.4-0ubuntu2.8

Changelog

Version: 2.72.4-0ubuntu2.8 2026-01-21 18:03:10 UTC

  glib2.0 (2.72.4-0ubuntu2.8) jammy-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in g_buffered_input_stream_peek()
    - debian/patches/CVE-2026-0988.patch: fix a potential integer overflow
      in peek() in gio/gbufferedinputstream.c,
      gio/tests/buffered-input-stream.c.
    - CVE-2026-0988

 -- Marc Deslauriers <email address hidden> Tue, 20 Jan 2026 08:55:03 -0500
Source diff to previous version

Version: 2.72.4-0ubuntu2.7 2026-01-06 19:08:42 UTC

  glib2.0 (2.72.4-0ubuntu2.7) jammy-security; urgency=medium

  * SECURITY UPDATE: overflow via long invalid ISO 8601 timestamp
    - debian/patches/CVE-2025-3360-1.patch: fix integer overflow when
      parsing very long ISO8601 inputs in glib/gdatetime.c.
    - debian/patches/CVE-2025-3360-2.patch: fix potential integer overflow
      in timezone offset handling in glib/gdatetime.c.
    - debian/patches/CVE-2025-3360-3.patch: track timezone length as an
      unsigned size_t in glib/gdatetime.c.
    - debian/patches/CVE-2025-3360-4.patch: factor out some string pointer
      arithmetic in glib/gdatetime.c.
    - debian/patches/CVE-2025-3360-5.patch: factor out an undersized
      variable in glib/gdatetime.c.
    - debian/patches/CVE-2025-3360-6.patch: add some missing GDateTime
      ISO8601 parsing tests in glib/tests/gdatetime.c.
    - CVE-2025-3360
  * SECURITY UPDATE: GString overflow
    - debian/patches/CVE-2025-6052.patch: fix overflow check when expanding
      the string in glib/gstring.c.
    - CVE-2025-6052
  * SECURITY UPDATE: integer overflow in temp file creation
    - debian/patches/CVE-2025-7039.patch: fix computation of temporary file
      name in glib/gfileutils.c.
    - CVE-2025-7039
  * SECURITY UPDATE: heap overflow in g_escape_uri_string()
    - debian/patches/CVE-2025-13601.patch: add overflow check in
      glib/gconvert.c.
    - CVE-2025-13601
  * SECURITY UPDATE: buffer underflow through glib/gvariant
    - debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow
      parsing (byte)strings in glib/gvariant-parser.c.
    - debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of
      child elements in glib/gvariant-parser.c.
    - debian/patches/CVE-2025-14087-3.patch: convert error handling code to
      use size_t in glib/gvariant-parser.c.
    - CVE-2025-14087
  * SECURITY UPDATE: integer overflow in gfileattribute
    - debian/patches/gfileattribute-overflow.patch: add overflow check in
      gio/gfileattribute.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Wed, 10 Dec 2025 11:09:12 -0500
Source diff to previous version
CVE-2025-3360 A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_fro
CVE-2025-6052 A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input ca
CVE-2025-7039 A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potenti
CVE-2025-13601 A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the
CVE-2025-14087 A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potenti

Version: 2.72.4-0ubuntu2.5 2025-05-27 12:07:26 UTC

  glib2.0 (2.72.4-0ubuntu2.5) jammy-security; urgency=medium

  * SECURITY UPDATE: Integer Overflow
    - debian/patches/CVE-2025-4373-1.patch: carefully handle gssize
      in glib/gstring.c.
    - debian/patches/CVE-2025-4373-2.patch: make len_unsigned
      unsigned in glib/gstring.c
    - CVE-2025-4373

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 12 May 2025 05:34:39 -0300
Source diff to previous version
CVE-2025-4373 A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert

Version: 2.72.4-0ubuntu2.4 2024-11-18 19:07:09 UTC

  glib2.0 (2.72.4-0ubuntu2.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2024-52533.patch: fix a single byte buffer
      overflow in connect messages in gio/gsocks4aproxy.c.
    - CVE-2024-52533

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 13 Nov 2024 14:54:48 -0300
Source diff to previous version
CVE-2024-52533 gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient f

Version: 2.72.4-0ubuntu2.3 2024-05-09 15:07:11 UTC

  glib2.0 (2.72.4-0ubuntu2.3) jammy-security; urgency=medium

  [ Marco Trevisan (Treviño) ]
  * debian/patches: Backport patches to handle CVE-2024-34397

  [ Marc Deslauriers ]
  * debian/patches/gdbusconnection-regression.patch: fix ibus regression.
  * debian/control*: added Breaks for gnome-shell without regression fix.

 -- Marc Deslauriers <email address hidden> Wed, 08 May 2024 13:22:46 -0400
CVE-2024-34397 An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trus


About   -   Send Feedback to @ubuntu_updates