UbuntuUpdates.org

Package "libglib2.0-0"

Name: libglib2.0-0

Description:

GLib library of C routines

Latest version: 2.48.2-0ubuntu4.8
Release: xenial (16.04)
Level: updates
Repository: main
Head package: glib2.0
Homepage: http://www.gtk.org/

Links


Download "libglib2.0-0"


Other versions of "libglib2.0-0" in Xenial

Repository Area Version
base main 2.48.0-1ubuntu4
security main 2.48.2-0ubuntu4.8

Changelog

Version: 2.48.2-0ubuntu4.8 2021-03-15 20:06:19 UTC

  glib2.0 (2.48.2-0ubuntu4.8) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect g_file_replace() symlink handling
    - debian/patches/CVE-2021-28153-pre1.patch: allow g_test_bug() to be
      used without g_test_bug_base() in /glib/gtestutils.c.
    - debian/patches/CVE-2021-28153-1.patch: fix a typo in a comment in
      gio/glocalfileoutputstream.c.
    - debian/patches/CVE-2021-28153-2.patch: stop using g_test_bug_base()
      in file tests in gio/tests/file.c.
    - debian/patches/CVE-2021-28153-3.patch: factor out a flag check in
      gio/glocalfileoutputstream.c.
    - debian/patches/CVE-2021-28153-4.patch: fix CREATE_REPLACE_DESTINATION
      with symlinks in gio/glocalfileoutputstream.c, gio/tests/file.c.
    - debian/patches/CVE-2021-28153-5.patch: add a missing O_CLOEXEC flag
      to replace() in gio/glocalfileoutputstream.c.
    - CVE-2021-28153

 -- Marc Deslauriers <email address hidden> Fri, 12 Mar 2021 12:35:32 -0500

Source diff to previous version
CVE-2021-28153 An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a

Version: 2.48.2-0ubuntu4.7 2021-03-08 20:07:26 UTC

  glib2.0 (2.48.2-0ubuntu4.7) xenial-security; urgency=medium

  * SECURITY UPDATE: g_byte_array_new_take length truncation
    - debian/patches/CVE-2021-2721x/CVE-2021-27218.patch: do not accept too
      large byte arrays in glib/garray.c, glib/gbytes.c,
      glib/tests/bytes.c.
    - CVE-2021-27218
  * SECURITY UPDATE: integer overflow in g_bytes_new
    - debian/patches/CVE-2021-2721x/CVE-2021-27219*.patch: add internal
      g_memdup2() function and use it instead of g_memdup() in a bunch of
      places.
    - CVE-2021-27219

 -- Marc Deslauriers <email address hidden> Wed, 03 Mar 2021 07:23:43 -0500

Source diff to previous version
CVE-2021-27218 An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a
CVE-2021-27219 An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms du

Version: 2.48.2-0ubuntu4.6 2020-03-24 09:06:30 UTC

  glib2.0 (2.48.2-0ubuntu4.6) xenial-security; urgency=medium

  * No-change rebuild for -security

 -- Alex Murray <email address hidden> Tue, 24 Mar 2020 11:28:34 +1030

Source diff to previous version

Version: 2.48.2-0ubuntu4.5 2020-03-24 01:07:21 UTC

  glib2.0 (2.48.2-0ubuntu4.5) xenial; urgency=medium

  * d/p/gcredentialsprivate-Document-the-various-private-macros.patch,
    d/p/credentials-Invalid-Linux-struct-ucred-means-no-informati.patch,
    d/p/GDBus-prefer-getsockopt-style-credentials-passing-APIs.patch:
    - Ensure libdbus clients can authenticate with a GDBusServer like
      the one in ibus. The patches cherry picked from 2.62.2-2 in focal
      in order to allow the ibus fix of CVE-2019-14822 to be re-enabled
      without breaking ibus for Qt applications (LP: #1844853).

 -- Gunnar Hjalmarsson <email address hidden> Thu, 31 Oct 2019 00:48:00 +0100

Source diff to previous version
1844853 IBus no longer works in Qt applications after upgrade
CVE-2019-14822 missing authorization flaw

Version: 2.48.2-0ubuntu4.4 2019-08-05 20:06:49 UTC

  glib2.0 (2.48.2-0ubuntu4.4) xenial-security; urgency=medium

  * SECURITY REGRESSION: regression in last security update (LP: #1838890)
    - debian/patches/CVE-2019-13012-regression.patch: fix a
      memory leak introduced by the last security update while
      not properly handled the g_file_get_patch function in
      gio/gkeyfilesettingsbackend.c.

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 05 Aug 2019 12:09:36 -0300

1838890 Suspected memory leak in xenial backport of fix for CVE-2019-13012
CVE-2019-13012 The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.59.1 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL,



About   -   Send Feedback to @ubuntu_updates