Bug#982778: libglib2.0-0: GHSL-2021-045: Integer overflow in g_memdup()/g_bytes_new() on 64-bit platforms

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#982778: libglib2.0-0: GHSL-2021-045: Integer overflow in g_memdup()/g_bytes_new() on 64-bit platforms
From: Simon McVittie <smcv@debian.org>
Date: Sun, 14 Feb 2021 11:37:51 +0000
Message-id: <YCkLS/Ruk6AuDWgf@momentum.pseudorandom.co.uk>
Reply-to: Simon McVittie <smcv@debian.org>, 982778@bugs.debian.org

Package: libglib2.0-0
Version: 2.31.8-1
Severity: important
Tags: security fixed-upstream
X-Debbugs-Cc: team@security.debian.org, debian-lts@lists.debian.org
Control: close -1 2.66.6-1

Kevin Backhouse of the GitHub Security Lab found an integer overflow in
GLib: <https://gitlab.gnome.org/GNOME/glib/-/issues/2319>. I've requested a
CVE ID. Until then, it's tracked as GHSL-2021-045, or within Debian as
TEMP-0000000-300CAD.

This was accidentally disclosed before a fix existed, and the fixes are not
completely straightforward, leading to the initial fixes in 2.66.6
containing regressions. All of the regressions *that we know of* were fixed
in 2.66.7, but there might be more.

I would recommend that any backports to stable or oldstable are reviewed
carefully before release, preferably by an upstream or downstream GLib
maintainer (which is why I'm cc'ing the LTS team as a request to not
immediately rush into backporting this).

There is a separate integer overflow fixed in 2.66.7 for which I will
report a separate bug.

    smcv

Reply to:

Prev by Date: Re: Support for insecure applications
Next by Date: Bug#982779: libglib2.0-0: Integer overflow in g_byte_array_new_take()/g_bytes_unref_to_array() on 64-bit platforms
Previous by thread: unbound1.9_1.9.0-2+deb10u2~deb9u1_amd64.changes REJECTED
Next by thread: Bug#982779: libglib2.0-0: Integer overflow in g_byte_array_new_take()/g_bytes_unref_to_array() on 64-bit platforms
Index(es):
- Date
- Thread