UbuntuUpdates.org

Package "libglib2.0-dev-bin"

Name: libglib2.0-dev-bin

Description:

Development utilities for the GLib library
Latest version: 2.80.0-6ubuntu3.8
Release: noble (24.04)
Level: updates
Repository: main
Head package: glib2.0
Homepage: https://wiki.gnome.org/Projects/GLib

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libglib2.0-dev-bin"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libglib2.0-dev-bin" in Noble

Repository Area Version
base main 2.80.0-6ubuntu1
security main 2.80.0-6ubuntu3.8

Changelog

Version: 2.80.0-6ubuntu3.8 2026-02-05 22:08:48 UTC

  glib2.0 (2.80.0-6ubuntu3.8) noble-security; urgency=medium

  * SECURITY UPDATE: integer overflow in Base64 encoding
    - debian/patches/CVE-2026-1484-1.patch: use gsize to prevent potential
      overflow in glib/gbase64.c.
    - debian/patches/CVE-2026-1484-2.patch: ensure that the out value is
      within allocated size in glib/gbase64.c.
    - CVE-2026-1484
  * SECURITY UPDATE: buffer underflow via header length
    - debian/patches/CVE-2026-1485.patch: do not overflow if header is
      longer than MAXINT in gio/gcontenttype.c.
    - CVE-2026-1485
  * SECURITY UPDATE: integer overflow via Unicode case conversion
    - debian/patches/CVE-2026-1489-1.patch: use size_t for output_marks
      length in glib/guniprop.c.
    - debian/patches/CVE-2026-1489-2.patch: do not convert size_t to gint
      in glib/guniprop.c.
    - debian/patches/CVE-2026-1489-3.patch: ensure we do not overflow size
      in glib/guniprop.c.
    - debian/patches/CVE-2026-1489-4.patch: add test debug information when
      parsing input files in glib/tests/unicode.c.
    - CVE-2026-1489

 -- Marc Deslauriers <email address hidden> Wed, 28 Jan 2026 12:53:07 -0500
Source diff to previous version
CVE-2026-1484 A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calcu
CVE-2026-1485 A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a
CVE-2026-1489 A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processin

Version: 2.80.0-6ubuntu3.7 2026-01-22 02:49:25 UTC

  glib2.0 (2.80.0-6ubuntu3.7) noble-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in g_buffered_input_stream_peek()
    - debian/patches/CVE-2026-0988.patch: fix a potential integer overflow
      in peek() in gio/gbufferedinputstream.c,
      gio/tests/buffered-input-stream.c.
    - CVE-2026-0988

 -- Marc Deslauriers <email address hidden> Tue, 20 Jan 2026 08:08:27 -0500
Source diff to previous version
CVE-2026-0988 A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer ove

Version: 2.80.0-6ubuntu3.6 2026-01-06 21:10:29 UTC

  glib2.0 (2.80.0-6ubuntu3.6) noble-security; urgency=medium

  * SECURITY UPDATE: overflow via long invalid ISO 8601 timestamp
    - debian/patches/CVE-2025-3360-1.patch: fix integer overflow when
      parsing very long ISO8601 inputs in glib/gdatetime.c.
    - debian/patches/CVE-2025-3360-2.patch: fix potential integer overflow
      in timezone offset handling in glib/gdatetime.c.
    - debian/patches/CVE-2025-3360-3.patch: track timezone length as an
      unsigned size_t in glib/gdatetime.c.
    - debian/patches/CVE-2025-3360-4.patch: factor out some string pointer
      arithmetic in glib/gdatetime.c.
    - debian/patches/CVE-2025-3360-5.patch: factor out an undersized
      variable in glib/gdatetime.c.
    - debian/patches/CVE-2025-3360-6.patch: add some missing GDateTime
      ISO8601 parsing tests in glib/tests/gdatetime.c.
    - CVE-2025-3360
  * SECURITY UPDATE: GString overflow
    - debian/patches/CVE-2025-6052.patch: fix overflow check when expanding
      the string in glib/gstring.c.
    - CVE-2025-6052
  * SECURITY UPDATE: integer overflow in temp file creation
    - debian/patches/CVE-2025-7039.patch: fix computation of temporary file
      name in glib/gfileutils.c.
    - CVE-2025-7039
  * SECURITY UPDATE: heap overflow in g_escape_uri_string()
    - debian/patches/CVE-2025-13601.patch: add overflow check in
      glib/gconvert.c.
    - CVE-2025-13601
  * SECURITY UPDATE: buffer underflow through glib/gvariant
    - debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow
      parsing (byte)strings in glib/gvariant-parser.c.
    - debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of
      child elements in glib/gvariant-parser.c.
    - debian/patches/CVE-2025-14087-3.patch: convert error handling code to
      use size_t in glib/gvariant-parser.c.
    - CVE-2025-14087
  * SECURITY UPDATE: integer overflow in gfileattribute
    - debian/patches/gfileattribute-overflow.patch: add overflow check in
      gio/gfileattribute.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Wed, 10 Dec 2025 10:51:22 -0500
Source diff to previous version
CVE-2025-3360 A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_fro
CVE-2025-6052 A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input ca
CVE-2025-7039 A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potenti
CVE-2025-13601 A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the
CVE-2025-14087 A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potenti

Version: 2.80.0-6ubuntu3.5 2025-12-04 00:54:39 UTC

  glib2.0 (2.80.0-6ubuntu3.5) noble; urgency=medium

  * debian: Update VCS references to ubuntu/noble branch
  * debian/patches: Fix a crash on arg0 matching.
    This is causing a crash in tracker if the battery charging state changes
    while tracker is indexing files, as tracker-extract-3 will try to emit
    property changes with a NULL arg0. (LP: #2119581)

 -- Marco Trevisan (Treviño) <email address hidden> Tue, 04 Nov 2025 16:05:02 +0100
Source diff to previous version
2119581 tracker-extract-3 is crashing on battery charge state change

Version: 2.80.0-6ubuntu3.4 2025-05-26 15:07:55 UTC

  glib2.0 (2.80.0-6ubuntu3.4) noble-security; urgency=medium

  * SECURITY UPDATE: Integer Overflow
    - debian/patches/CVE-2025-4373-1.patch: carefully handle gssize
      in glib/gstring.c.
    - debian/patches/CVE-2025-4373-2.patch: make len_unsigned
      unsigned in glib/gstring.c
    - CVE-2025-4373
  * Disable some consistently failing gio tests
    - debian/patches/disable_failing_gio_tests.patch: disable gdbus-peer
      and gdbus-address-get-session in gio/tests/meson.build.

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 15 May 2025 09:06:49 -0300
CVE-2025-4373 A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert


About   -   Send Feedback to @ubuntu_updates