Package "glib2.0"
| Name: |
glib2.0
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- Development files for the GObject introspection library
- GLib library of C routines - installed tests
|
| Latest version: |
2.80.0-6ubuntu3.6 |
| Release: |
noble (24.04) |
| Level: |
updates |
| Repository: |
universe |
Links
Other versions of "glib2.0" in Noble
Packages in group
Deleted packages are displayed in grey.
Changelog
|
glib2.0 (2.80.0-6ubuntu3.6) noble-security; urgency=medium
* SECURITY UPDATE: overflow via long invalid ISO 8601 timestamp
- debian/patches/CVE-2025-3360-1.patch: fix integer overflow when
parsing very long ISO8601 inputs in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-2.patch: fix potential integer overflow
in timezone offset handling in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-3.patch: track timezone length as an
unsigned size_t in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-4.patch: factor out some string pointer
arithmetic in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-5.patch: factor out an undersized
variable in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-6.patch: add some missing GDateTime
ISO8601 parsing tests in glib/tests/gdatetime.c.
- CVE-2025-3360
* SECURITY UPDATE: GString overflow
- debian/patches/CVE-2025-6052.patch: fix overflow check when expanding
the string in glib/gstring.c.
- CVE-2025-6052
* SECURITY UPDATE: integer overflow in temp file creation
- debian/patches/CVE-2025-7039.patch: fix computation of temporary file
name in glib/gfileutils.c.
- CVE-2025-7039
* SECURITY UPDATE: heap overflow in g_escape_uri_string()
- debian/patches/CVE-2025-13601.patch: add overflow check in
glib/gconvert.c.
- CVE-2025-13601
* SECURITY UPDATE: buffer underflow through glib/gvariant
- debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow
parsing (byte)strings in glib/gvariant-parser.c.
- debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of
child elements in glib/gvariant-parser.c.
- debian/patches/CVE-2025-14087-3.patch: convert error handling code to
use size_t in glib/gvariant-parser.c.
- CVE-2025-14087
* SECURITY UPDATE: integer overflow in gfileattribute
- debian/patches/gfileattribute-overflow.patch: add overflow check in
gio/gfileattribute.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Wed, 10 Dec 2025 10:51:22 -0500
|
| Source diff to previous version |
| CVE-2025-3360 |
A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_fro |
| CVE-2025-6052 |
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input ca |
| CVE-2025-7039 |
A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potenti |
| CVE-2025-13601 |
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the |
| CVE-2025-14087 |
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potenti |
|
|
glib2.0 (2.80.0-6ubuntu3.5) noble; urgency=medium
* debian: Update VCS references to ubuntu/noble branch
* debian/patches: Fix a crash on arg0 matching.
This is causing a crash in tracker if the battery charging state changes
while tracker is indexing files, as tracker-extract-3 will try to emit
property changes with a NULL arg0. (LP: #2119581)
-- Marco Trevisan (Treviño) <email address hidden> Tue, 04 Nov 2025 16:05:02 +0100
|
| Source diff to previous version |
| 2119581 |
tracker-extract-3 is crashing on battery charge state change |
|
|
glib2.0 (2.80.0-6ubuntu3.4) noble-security; urgency=medium
* SECURITY UPDATE: Integer Overflow
- debian/patches/CVE-2025-4373-1.patch: carefully handle gssize
in glib/gstring.c.
- debian/patches/CVE-2025-4373-2.patch: make len_unsigned
unsigned in glib/gstring.c
- CVE-2025-4373
* Disable some consistently failing gio tests
- debian/patches/disable_failing_gio_tests.patch: disable gdbus-peer
and gdbus-address-get-session in gio/tests/meson.build.
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 15 May 2025 09:06:49 -0300
|
| Source diff to previous version |
| CVE-2025-4373 |
A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert |
|
|
glib2.0 (2.80.0-6ubuntu3.2) noble-security; urgency=medium
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2024-52533.patch: fix a single byte buffer
overflow in connect messages in gio/gsocks4aproxy.c.
- CVE-2024-52533
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 13 Nov 2024 14:42:10 -0300
|
| Source diff to previous version |
| CVE-2024-52533 |
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient f |
|
|
glib2.0 (2.80.0-6ubuntu3.1) noble-security; urgency=medium
* SECURITY UPDATE: GDBus signal subscription mishandling
- debian/patches/CVE-2024-34397-*.patch: upstream commits.
- debian/control: added Breaks for gnome-shell without regression fix.
- CVE-2024-34397
-- Marc Deslauriers <email address hidden> Tue, 07 May 2024 13:30:21 -0400
|
| CVE-2024-34397 |
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trus |
|
About
-
Send Feedback to @ubuntu_updates
