Format: 1.8
Date: Tue, 7 May 2024 14:39:03 BST
Source: glib2.0
Architecture: source
Version: 2.74.6-2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Changes:
 glib2.0 (2.74.6-2+deb12u1) bookworm-security; urgency=high
 .
   * d/patches: Backport GDBus fixes from 2.80.1
     - If local users send signals on the D-Bus system bus that spoof a
       trusted sender, do not deliver them to signal subscriptions for
       the trusted sender's well-known bus name (CVE-2024-34397)
     - Fix a use-after-free when subscribing to signals with an arg0 match
       rule, originally from 2.79.0 and necessary to make the test for
       CVE-2024-34397 pass reliably
     - Add a local backport of g_set_str(), required by the above
     - Add proposed fix for a race condition that can cause a unit test
       to regress after the above
   * d/gbp.conf, d/control.in: Use debian/bookworm branch for Debian 12