[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted glib2.0 2.58.3-2+deb10u6 (source) into oldoldstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 13 May 2024 22:06:10 CEST
Source: glib2.0
Architecture: source
Version: 2.58.3-2+deb10u6
Distribution: buster-security
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Checksums-Sha1:
 ab2c09cfb08bd7916c54cf7178fdd143c43d706f 3485 glib2.0_2.58.3-2+deb10u6.dsc
 f5d81b31ecb92f2920d8626768ae24dd41a8d49c 148468 glib2.0_2.58.3-2+deb10u6.debian.tar.xz
 e6ed366c8aeed9d74630202641a151c2d008993a 8817 glib2.0_2.58.3-2+deb10u6_source.buildinfo
Checksums-Sha256:
 66bed4b3fa52679c2dc648aa64d3966e585528a99ea38776854752acd9714279 3485 glib2.0_2.58.3-2+deb10u6.dsc
 1e5a8b2922d60421ca0f5c8078a6efeaa037b9e5f7b0cdaabc2a4f54ffdc7f99 148468 glib2.0_2.58.3-2+deb10u6.debian.tar.xz
 65da2e1663f1df3d6b18c847bc0a30cf15f2ca388928cdd83f9cb7a27ee43790 8817 glib2.0_2.58.3-2+deb10u6_source.buildinfo
Changes:
 glib2.0 (2.58.3-2+deb10u6) buster-security; urgency=high
 .
   * d/patches: Backport GDBus fixes from 2.80.1, 2.80.2
     - If local users send signals on the D-Bus system bus that spoof a
       trusted sender, do not deliver them to signal subscriptions for the
       trusted sender's well-known bus name (CVE-2024-34397)
     - Fix a use-after-free when subscribing to signals with an arg0
       match rule, originally from 2.79.0 and necessary to make the test
       for CVE-2024-34397 pass reliably
     - Add a local backport of g_set_str(), required by the above
     - Relax name owner checks to avoid a regression in ibus
       (avoids: #1070730, etc.)
   * d/p/gdbusmessage-Clean-the-cached-arg0-when-setting-the-messa.patch:
     Add patch from upstream fixing a memory leak that can occur in
     rare situations with the above changes (avoids: #1070851)
Files:
 543ceb74c3de35b946b2cb06f71b40b4 3485 libs optional glib2.0_2.58.3-2+deb10u6.dsc
 4d808b9288cafb33201d714878293209 148468 libs optional glib2.0_2.58.3-2+deb10u6.debian.tar.xz
 5bf8db6bfaef5d7bc0994ef64fb5679e 8817 libs optional glib2.0_2.58.3-2+deb10u6_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmZCcyFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkT5YP/3l4PDT1AeZThaue8vGBSZhc5ZcYaDTKQjZA
RB7rWYf+m7sm0TwZelSinU8+koSF/e0p2xpPijGH06w0NHMnIlcxlmOu1+f2TiHC
xagLPsC3TbEiml7AVP7MRZxqHiPwc7HDWeSpyjHgprejHuc7tNuVbFaOQjRs7hGi
78sdwkmko7ont9iWlZVJh4Nm7H+bpeSjI607WcAiUbgSBZcR/TTSH+RJAGQcg4B1
iDa7X430VcHxppGAQWipnK5c2EbZhGkQ10j+/day9qZ7AyhGPKdJj93RKG5oninP
dn4lK6APA4f42qZdD+/iFMjjMiGCylY9a1qCMI77nQkExUI9SDAIdv85l49F6+OO
9Gw6LUtZkPX88sH+my6DXR8idcjMo/Ab+k9mzPfXXEk56RKu7ybDMeI0hEi/9JGY
lcMC3l9gX9i2kX2CFvqjp7ZjS0ASiZFVOOxeCDPd2FZYmJ9Ef+HmMGXxU0Z65VO6
0CE2gap4+9gi4+wNvy194RDA9hCHjH8Zui3w+SxIt7OEGHizaMHcsxu5STkgl7TF
v21hgatn3L0WqgYFeGuWJ1P6XOVdT/Yw3O0gKr8Qp+PD4HTd7OnssC/KDLdZ83Uv
DahHBpSum2oafJ0ONv2XPp+mPo8OcOuy0JrhTT1/fqbGMEqTLx1xlvuTAiiQSoj5
nh8yIv6A
=EXku
-----END PGP SIGNATURE-----

Attachment: pgpOOsebPu_Ka.pgp
Description: PGP signature

Reply to: