Re: Bug#933535: buster-pu: package glib2.0/2.58.3-2+deb10u1

To: Simon McVittie <smcv@debian.org>, 933535@bugs.debian.org
Cc: kibi@debian.org, debian-boot@lists.debian.org
Subject: Re: Bug#933535: buster-pu: package glib2.0/2.58.3-2+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 05 Aug 2019 19:48:53 +0100
Message-id: <[🔎] 1565030933.14830.29.camel@adam-barratt.org.uk>
In-reply-to: <20190731101309.GA8295@espresso.pseudorandom.co.uk>
References: <20190731101309.GA8295@espresso.pseudorandom.co.uk>

Control: tags -1 + confirmed

On Wed, 2019-07-31 at 11:13 +0100, Simon McVittie wrote:
> GLib in buster is vulnerable to CVE-2019-13012 (configuration files
> and directories created with more open permissions than intended),
> which the security team have indicated is too minor for a DSA.
> <https://bugs.debian.org/931234>
> 
> GLib has a udeb, so this technically needs a d-i ack, although I
> can't imagine why d-i would either use GKeyfileSettingsBackend or
> care about the resulting permissions.

It does seem rather unlikely, but let's do the CC-for-ack dance in any
case.

Regards,

Adam

Reply to:

Follow-Ups:
- Re: Bug#933535: buster-pu: package glib2.0/2.58.3-2+deb10u1
  - From: Cyril Brulebois <kibi@debian.org>

Prev by Date: Bug#933978: installation-reports: Use of GUI install fails on upgrade from Stretch to Buster - GTX 660
Next by Date: Bug#927165: luks 2 in Buster
Previous by thread: Bug#933978: installation-reports: Use of GUI install fails on upgrade from Stretch to Buster - GTX 660
Next by thread: Re: Bug#933535: buster-pu: package glib2.0/2.58.3-2+deb10u1
Index(es):
- Date
- Thread