Format: 1.8
Date: Mon, 18 Aug 2025 09:27:51 +0100
Source: glib2.0
Binary: libglib2.0-0 libglib2.0-0-dbgsym libglib2.0-bin libglib2.0-bin-dbgsym libglib2.0-dev libglib2.0-dev-bin libglib2.0-dev-bin-dbgsym libglib2.0-tests libglib2.0-tests-dbgsym libglib2.0-udeb
Architecture: arm64
Version: 2.74.6-2+deb12u7
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-03)
Changed-By: Simon McVittie
Description:
 libglib2.0-0 - GLib library of C routines
 libglib2.0-bin - Programs for the GLib library
 libglib2.0-dev - Development files for the GLib library
 libglib2.0-dev-bin - Development utilities for the GLib library
 libglib2.0-tests - GLib library of C routines - installed tests
 libglib2.0-udeb - GLib library of C routines - minimal runtime (udeb)
Closes: 1065022 1104930 1110640 1110696
Changes:
 glib2.0 (2.74.6-2+deb12u7) bookworm; urgency=medium
 .
   * d/p/gstring-carefully-handle-gssize-parameters.patch,
     d/p/gstring-Make-len_unsigned-unsigned.patch:
     Add patches from upstream to fix a buffer underflow in GString.
     This could cause a memory overwrite if a program handles extremely
     large text strings of an attacker-controlled length. The required
     string length would be close to 2 GiB on 32-bit and the bug is
     not believed to be practically feasible to exploit on 64-bit.
     (CVE-2025-4373) (Closes: #1104930)
   * d/p/glib-gfileutils.c-use-64-bits-for-value-in-get_tmp_file.patch,
     d/p/gfileutils-fix-computation-of-temporary-file-name.patch:
     Add patches from upstream to fix a buffer underflow in get_tmp_file().
     This is used in g_mkstemp(), g_mkdtemp() and similar functions,
     and could cause a crash or possibly arbitrary file overwrites
     (believed to be unlikely to be exploitable in practice) if a
     long-running program creates more than 2 billion temporary files.
     (CVE-2025-7039) (Closes: #1110640)
   * d/libglib2.0-0.postrm.in:
     Rewrite postrm for safer upgrade behaviour, based on the version in
     unstable and proposed for inclusion in trixie:
     - Only remove giomodule.cache during purge, not during remove.
       This matches the behaviour of gschemas.compiled and avoids a window
       between old-postrm and new-postinst during which giomodule.cache
       is missing, breaking applications that need GIO modules.
     - Don't remove gschemas.compiled or giomodule.cache during purge
       if there is evidence that they might still be needed
       (Closes: #1065022, #1110696):
       + don't remove them if ${libdir}/glib-2.0 still exists,
         for example provided by libglib2.0-0t64 after upgrading to trixie;
       + don't remove gschemas.compiled if at least one GSettings schema
         still exists;
       + don't remove giomodule.cache if at least one GIO module still exists
     - Refactoring to support the above
   * d/tests/1065022-futureproofing:
     Add a test for #1065022, modified from the version in unstable and
     proposed for inclusion in trixie