Bug#982779: libglib2.0-0: Integer overflow in g_byte_array_new_take()/g_bytes_unref_to_array() on 64-bit platforms

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#982779: libglib2.0-0: Integer overflow in g_byte_array_new_take()/g_bytes_unref_to_array() on 64-bit platforms
From: Simon McVittie <smcv@debian.org>
Date: Sun, 14 Feb 2021 11:42:04 +0000
Message-id: <[🔎] YCkMjBEANgrkKyfz@momentum.pseudorandom.co.uk>
Reply-to: Simon McVittie <smcv@debian.org>, 982779@bugs.debian.org

Package: libglib2.0-0
Version: 2.31.8-1
Severity: important
Tags: security fixed-upstream
Forwarded: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
X-Debbugs-Cc: team@security.debian.org, debian-lts@lists.debian.org
Control: close -1 2.66.7-1

Krzesimir Nowak discovered an integer overflow similar to, but not the
same as, GHSL-2021-045 (see separate bug report) which was fixed in
GLib 2.66.7. Any backports of this fix into older distribution releases
should probably be done at the same time as GHSL-2021-045, but the fixed
version upstream is different, so I've requested a separate CVE ID for it.

    smcv

Reply to:

Prev by Date: Bug#982778: libglib2.0-0: GHSL-2021-045: Integer overflow in g_memdup()/g_bytes_new() on 64-bit platforms
Next by Date: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)
Previous by thread: Bug#982778: libglib2.0-0: GHSL-2021-045: Integer overflow in g_memdup()/g_bytes_new() on 64-bit platforms
Next by thread: Update of OpenVSwitch in Stretch
Index(es):
- Date
- Thread