Format: 1.8
Date: Mon, 18 Aug 2025 09:27:51 +0100
Source: glib2.0
Binary: libglib2.0-0 libglib2.0-0-dbgsym libglib2.0-bin libglib2.0-bin-dbgsym libglib2.0-dev libglib2.0-dev-bin libglib2.0-dev-bin-dbgsym libglib2.0-tests libglib2.0-tests-dbgsym libglib2.0-udeb
Architecture: s390x
Version: 2.74.6-2+deb12u7
Distribution: bookworm
Urgency: medium
Maintainer: s390x Build Daemon (zandonai)
Changed-By: Simon McVittie
Description:
 libglib2.0-0 - GLib library of C routines
 libglib2.0-bin - Programs for the GLib library
 libglib2.0-dev - Development files for the GLib library
 libglib2.0-dev-bin - Development utilities for the GLib library
 libglib2.0-tests - GLib library of C routines - installed tests
 libglib2.0-udeb - GLib library of C routines - minimal runtime (udeb)
Closes: 1065022 1104930 1110640 1110696
Changes:
 glib2.0 (2.74.6-2+deb12u7) bookworm; urgency=medium
 .
   * d/p/gstring-carefully-handle-gssize-parameters.patch,
     d/p/gstring-Make-len_unsigned-unsigned.patch:
     Add patches from upstream to fix a buffer underflow in GString.
     This could cause a memory overwrite if a program handles extremely
     large text strings of an attacker-controlled length. The required
     string length would be close to 2 GiB on 32-bit and the bug is not
     believed to be practically feasible to exploit on 64-bit.
     (CVE-2025-4373) (Closes: #1104930)
   * d/p/glib-gfileutils.c-use-64-bits-for-value-in-get_tmp_file.patch,
     d/p/gfileutils-fix-computation-of-temporary-file-name.patch:
     Add patches from upstream to fix a buffer underflow in get_tmp_file().
     This is used in g_mkstemp(), g_mkdtemp() and similar functions,
     and could cause a crash or possibly arbitrary file overwrites
     (believed to be unlikely to be exploitable in practice) if a
     long-running program creates more than 2 billion temporary files.
     (CVE-2025-7039) (Closes: #1110640)
   * d/libglib2.0-0.postrm.in:
     Rewrite postrm for safer upgrade behaviour, based on the version in
     unstable and proposed for inclusion in trixie:
     - Only remove giomodule.cache during purge, not during remove.
       This matches the behaviour of gschemas.compiled and avoids a window
       between old-postrm and new-postinst during which giomodule.cache
       is missing, breaking applications that need GIO modules.
     - Don't remove gschemas.compiled or giomodule.cache during purge
       if there is evidence that they might still be needed
       (Closes: #1065022, #1110696):
       + don't remove them if ${libdir}/glib-2.0 still exists, for example
         provided by libglib2.0-0t64 after upgrading to trixie;
       + don't remove gschemas.compiled if at least one GSettings schema
         still exists;
       + don't remove giomodule.cache if at least one GIO module still exists
     - Refactoring to support the above
   * d/tests/1065022-futureproofing:
     Add a test for #1065022, modified from the version in unstable and
     proposed for inclusion in trixie
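The get_tmp_file() entry above describes an underflow reached through a value that is used to pick characters for a temporary file name. The following C illustration is added here and is not GLib's code or part of the upload record; it shows the general bug class (a signed value used as a table index) beside an unsigned 64-bit form. The alphabet, the function names and the negative sample value are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 36-symbol alphabet for this example. */
static const char letters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
#define NLETTERS ((long)(sizeof letters - 1))

/* Signed style: C's % keeps the sign of the dividend, so a negative
 * value gives an index in -(NLETTERS-1)..0. */
long index_signed(long value) { return value % NLETTERS; }

/* Hardened style: unsigned 64-bit arithmetic, remainder always 0..35. */
uint64_t index_unsigned(uint64_t value) { return value % (uint64_t)NLETTERS; }

/* Build a six-character suffix from a signed value. Returns -1 rather
 * than reading outside letters[], so the underflow is observable. */
int fill_suffix_signed(long value, char out[7])
{
    for (int i = 0; i < 6; i++, value /= NLETTERS) {
        long idx = index_signed(value);
        if (idx < 0 || idx >= NLETTERS)
            return -1;          /* would read before letters[0] */
        out[i] = letters[idx];
    }
    out[6] = '\0';
    return 0;
}

/* Same loop with the unsigned index: every lookup is in bounds. */
int fill_suffix_unsigned(uint64_t value, char out[7])
{
    for (int i = 0; i < 6; i++, value /= (uint64_t)NLETTERS)
        out[i] = letters[index_unsigned(value)];
    out[6] = '\0';
    return 0;
}

int main(void)
{
    char buf[7] = "";
    long wrapped = -5;  /* constructed: a counter that has gone negative */
    printf("signed:   %d\n", fill_suffix_signed(wrapped, buf));
    if (fill_suffix_unsigned((uint64_t)wrapped, buf) == 0)
        printf("unsigned: %s\n", buf);
    return 0;
}
```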