Re: Bug#933535: buster-pu: package glib2.0/2.58.3-2+deb10u1
Control: tags -1 + confirmed
On Wed, 2019-07-31 at 11:13 +0100, Simon McVittie wrote:
> GLib in buster is vulnerable to CVE-2019-13012 (configuration files
> and directories created with more open permissions than intended),
> which the security team have indicated is too minor for a DSA.
> <https://bugs.debian.org/931234>
>
> GLib has a udeb, so this technically needs a d-i ack, although I
> can't imagine why d-i would either use GKeyfileSettingsBackend or
> care about the resulting permissions.
It does seem rather unlikely, but let's do the CC-for-ack dance in any
case.
Regards,
Adam
Reply to: