UbuntuUpdates.org

Package "glib2.0"

Name: glib2.0

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GLib library of C routines
  • Debugging symbols for the GLib libraries
  • Programs for the GLib library
  • Common files for GLib library

Latest version: 2.48.2-0ubuntu4.8
Release: xenial (16.04)
Level: security
Repository: main

Links



Other versions of "glib2.0" in Xenial

Repository Area Version
base main 2.48.0-1ubuntu4
base universe 2.48.0-1ubuntu4
security universe 2.48.2-0ubuntu4.8
updates main 2.48.2-0ubuntu4.8
updates universe 2.48.2-0ubuntu4.8

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.48.2-0ubuntu4.8 2021-03-15 19:06:20 UTC

  glib2.0 (2.48.2-0ubuntu4.8) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect g_file_replace() symlink handling
    - debian/patches/CVE-2021-28153-pre1.patch: allow g_test_bug() to be
      used without g_test_bug_base() in /glib/gtestutils.c.
    - debian/patches/CVE-2021-28153-1.patch: fix a typo in a comment in
      gio/glocalfileoutputstream.c.
    - debian/patches/CVE-2021-28153-2.patch: stop using g_test_bug_base()
      in file tests in gio/tests/file.c.
    - debian/patches/CVE-2021-28153-3.patch: factor out a flag check in
      gio/glocalfileoutputstream.c.
    - debian/patches/CVE-2021-28153-4.patch: fix CREATE_REPLACE_DESTINATION
      with symlinks in gio/glocalfileoutputstream.c, gio/tests/file.c.
    - debian/patches/CVE-2021-28153-5.patch: add a missing O_CLOEXEC flag
      to replace() in gio/glocalfileoutputstream.c.
    - CVE-2021-28153

 -- Marc Deslauriers <email address hidden> Fri, 12 Mar 2021 12:35:32 -0500

Source diff to previous version
CVE-2021-28153 An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a

Version: 2.48.2-0ubuntu4.7 2021-03-08 20:07:25 UTC

  glib2.0 (2.48.2-0ubuntu4.7) xenial-security; urgency=medium

  * SECURITY UPDATE: g_byte_array_new_take length truncation
    - debian/patches/CVE-2021-2721x/CVE-2021-27218.patch: do not accept too
      large byte arrays in glib/garray.c, glib/gbytes.c,
      glib/tests/bytes.c.
    - CVE-2021-27218
  * SECURITY UPDATE: integer overflow in g_bytes_new
    - debian/patches/CVE-2021-2721x/CVE-2021-27219*.patch: add internal
      g_memdup2() function and use it instead of g_memdup() in a bunch of
      places.
    - CVE-2021-27219

 -- Marc Deslauriers <email address hidden> Wed, 03 Mar 2021 07:23:43 -0500

Source diff to previous version
CVE-2021-27218 An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a
CVE-2021-27219 An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms du

Version: 2.48.2-0ubuntu4.6 2020-03-24 08:07:03 UTC

  glib2.0 (2.48.2-0ubuntu4.6) xenial-security; urgency=medium

  * No-change rebuild for -security

 -- Alex Murray <email address hidden> Tue, 24 Mar 2020 11:28:34 +1030

Source diff to previous version

Version: 2.48.2-0ubuntu4.4 2019-08-05 20:06:48 UTC

  glib2.0 (2.48.2-0ubuntu4.4) xenial-security; urgency=medium

  * SECURITY REGRESSION: regression in last security update (LP: #1838890)
    - debian/patches/CVE-2019-13012-regression.patch: fix a
      memory leak introduced by the last security update while
      not properly handled the g_file_get_patch function in
      gio/gkeyfilesettingsbackend.c.

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 05 Aug 2019 12:09:36 -0300

Source diff to previous version
1838890 Suspected memory leak in xenial backport of fix for CVE-2019-13012
CVE-2019-13012 The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.59.1 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL,

Version: 2.48.2-0ubuntu4.3 2019-07-08 17:07:24 UTC

  glib2.0 (2.48.2-0ubuntu4.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Not properly restrict directory and file permissions
    - debian/patches/CVE-2019-13012.patch: changes the permissions when
      a directory is created, using 700 instead 777 in
      gio/gkeyfilesettingsbackend.c and changes test to run in a temp
      directory in gio/tests/gsettings.c.
    - CVE-2019-13012

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 03 Jul 2019 15:24:33 -0300

CVE-2019-13012 The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.59.1 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL,



About   -   Send Feedback to @ubuntu_updates