UbuntuUpdates.org

Package "glib2.0"

Name: glib2.0

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GLib library of C routines - installed tests

Latest version: 2.64.6-1~ubuntu20.04.8
Release: focal (20.04)
Level: updates
Repository: universe

Links



Other versions of "glib2.0" in Focal

Repository Area Version
base main 2.64.2-1~fakesync1
base universe 2.64.2-1~fakesync1
security universe 2.64.6-1~ubuntu20.04.8
security main 2.64.6-1~ubuntu20.04.8
updates main 2.64.6-1~ubuntu20.04.8

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.64.6-1~ubuntu20.04.8 2024-11-18 20:06:56 UTC

  glib2.0 (2.64.6-1~ubuntu20.04.8) focal-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2024-52533.patch: fix a single byte buffer
      overflow in connect messages in gio/gsocks4aproxy.c.
    - CVE-2024-52533

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 13 Nov 2024 16:12:53 -0300

Source diff to previous version
CVE-2024-52533 gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient f

Version: 2.64.6-1~ubuntu20.04.7 2024-05-09 15:07:09 UTC

  glib2.0 (2.64.6-1~ubuntu20.04.7) focal-security; urgency=medium

  [ Marco Trevisan (Treviño) ]
  * debian/patches: Backport patches to handle CVE-2024-34397

  [ Marc Deslauriers ]
  * debian/patches/CVE-2024-34397/gdbusconnection-regression.patch: fix
    ibus regression.

 -- Marc Deslauriers <email address hidden> Wed, 08 May 2024 13:30:11 -0400

Source diff to previous version
CVE-2024-34397 An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trus

Version: 2.64.6-1~ubuntu20.04.6 2023-06-14 16:07:03 UTC

  glib2.0 (2.64.6-1~ubuntu20.04.6) focal-security; urgency=medium

  * SECURITY UPDATE: multiple GVariant security issues
    - debian/patches/gvariant-security-*.patch: backported upstream fixes
      for GVariant normalization issues.
    - CVE-2023-24593, CVE-2023-29499, CVE-2023-25180, CVE-2023-32611,
      CVE-2023-32636, CVE-2023-32643, CVE-2023-32665

 -- Marc Deslauriers <email address hidden> Thu, 08 Jun 2023 10:20:31 -0400

Source diff to previous version
CVE-2023-29499 GVariant offset table entry size is not checked in is_normal()
CVE-2023-32611 g_variant_byteswap() can take a long time with some non-normal inputs
CVE-2023-32665 GVariant deserialisation does not match spec for non-normal data

Version: 2.64.6-1~ubuntu20.04.4 2021-07-23 02:06:20 UTC

  glib2.0 (2.64.6-1~ubuntu20.04.4) focal; urgency=medium

  * Initialise memory used for file builder buffers to zero, since memory
    artifacts found themseleves into gschema.compiled files, leading to glib
    being unable to parse the gschema.compiled files, causing gdm, gnome-shell
    and various gnome applications to fail to
    start. (LP: #1930359)
      - d/p/gvdb-builder-Initialise-some-memory-to-zero-in-the-bloom-.patch

 -- Matthew Ruffell <email address hidden> Mon, 12 Jul 2021 15:56:16 +0100

Source diff to previous version
1930359 glib2.0: Uninitialised memory is written to gschema.compiled, failure to parse this file leads to gdm, gnome-shell failing to start

Version: 2.64.6-1~ubuntu20.04.3 2021-03-15 20:06:25 UTC

  glib2.0 (2.64.6-1~ubuntu20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect g_file_replace() symlink handling
    - debian/patches/CVE-2021-28153-1.patch: fix a typo in a comment in
      gio/glocalfileoutputstream.c.
    - debian/patches/CVE-2021-28153-2.patch: stop using g_test_bug_base()
      in file tests in gio/tests/file.c.
    - debian/patches/CVE-2021-28153-3.patch: factor out a flag check in
      gio/glocalfileoutputstream.c.
    - debian/patches/CVE-2021-28153-4.patch: fix CREATE_REPLACE_DESTINATION
      with symlinks in gio/glocalfileoutputstream.c, gio/tests/file.c.
    - debian/patches/CVE-2021-28153-5.patch: add a missing O_CLOEXEC flag
      to replace() in gio/glocalfileoutputstream.c.
    - CVE-2021-28153

 -- Marc Deslauriers <email address hidden> Fri, 12 Mar 2021 11:38:38 -0500

CVE-2021-28153 An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a



About   -   Send Feedback to @ubuntu_updates