[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#982779: libglib2.0-0: Integer overflow in g_byte_array_new_take()/g_bytes_unref_to_array() on 64-bit platforms

Package: libglib2.0-0
Version: 2.31.8-1
Severity: important
Tags: security fixed-upstream
Forwarded: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
X-Debbugs-Cc: team@security.debian.org, debian-lts@lists.debian.org
Control: close -1 2.66.7-1

Krzesimir Nowak discovered an integer overflow similar to, but not the
same as, GHSL-2021-045 (see separate bug report) which was fixed in
GLib 2.66.7. Any backports of this fix into older distribution releases
should probably be done at the same time as GHSL-2021-045, but the fixed
version upstream is different, so I've requested a separate CVE ID for it.


Reply to: