-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 7 May 2024 14:39:25 BST Source: glib2.0 Architecture: source Version: 2.66.8-1+deb11u2 Distribution: bullseye-security Urgency: high Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Changes: glib2.0 (2.66.8-1+deb11u2) bullseye-security; urgency=high . * d/patches: Backport GDBus fixes from 2.80.1 - If local users send signals on the D-Bus system bus that spoof a trusted sender, do not deliver them to signal subscriptions for the trusted sender's well-known bus name (CVE-2024-34397) - Fix a use-after-free when subscribing to signals with an arg0 match rule, originally from 2.79.0 and necessary to make the test for CVE-2024-34397 pass reliably - Add a local backport of g_set_str(), required by the above Checksums-Sha256: baa9520a059c7dfb215d852bffdf15f4366a8d23fdd991e6900add5ec5902c38 3304 glib2.0_2.66.8-1+deb11u2.dsc a601120b0727b4f5084085ae9605bb46850ae79cc8c0fbab5397fdf5b3d25d3a 187692 glib2.0_2.66.8-1+deb11u2.debian.tar.xz d29d55f1ed473a5f3faf8ad33a800acbed3838a6a73e058c07cc30f15c974c96 8495 glib2.0_2.66.8-1+deb11u2_source.buildinfo 97bc87dd91365589af5cbbfea2574833aea7a1b71840fd365ecd2852c76b9c8b 4845548 glib2.0_2.66.8.orig.tar.xz Checksums-Sha1: 11ed4dd44d913a0bd92ba8c0601386d756668b47 3304 glib2.0_2.66.8-1+deb11u2.dsc c0b72f93f4b7877a1cf932ceb30e54c0080f3fee 187692 glib2.0_2.66.8-1+deb11u2.debian.tar.xz 93c7424629af3bb4d9dd802358956cbc605aee10 8495 glib2.0_2.66.8-1+deb11u2_source.buildinfo 668795cd3c2698a28987fb38d632ff7642ddf377 4845548 glib2.0_2.66.8.orig.tar.xz Files: d0c66764381ab9a1ebf54a98c402bdc3 3304 libs optional glib2.0_2.66.8-1+deb11u2.dsc e5fd26bb28da2c82303c668ae0dc64b8 187692 libs optional glib2.0_2.66.8-1+deb11u2.debian.tar.xz be4e4c1082ac585a58684a91791d4db4 8495 libs optional glib2.0_2.66.8-1+deb11u2_source.buildinfo 705dd46a43d339e8aea19e946e71c32a 4845548 libs optional glib2.0_2.66.8.orig.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmY6MqYACgkQ4FrhR4+B TE9JRg/+K9bnB8093yg598ii6FbB2wd2EGIMm14Srd1ezm5J0BdzSIXOb9BIVWna twTXuMUPYPEJEk8arJkHZv6IUW19PiO9ByzezRy/9wJuLAzQ+Vl690saZs97HwRR 2ggR0zZmwFjb1cZlTLOTPE/hIWfhEJmTeOMBz9Vo8wctpEwvhhNcsmNhdM5Pc0V/ +1r01n8Y0OtC9C289+jJA9js10WzqxBUIlH6Mc2ZsE8H9trzPLJXj1+Lml0DlQvL Hb//b4mKIJ9zDGo7g4THmcxwu+sgysdTkoyzqgY5QgH1w3D7VGU6siAhEpfPgiAs f2LIf1O2dfYHYEwEaD8N3aL51QN0E8veazdamjd0HKmYzXdlJmOXudlZwQszPbwb YeyV5W6gf8r5BUPbJwUaQ2Q2mWnhuPr+AaEuUSaXOkH205vrigswsv3ioEWoAOMy 0jCUF2cTqFFPoF7bscFX1ItsNdwbJZK0M0R15ZaTfpW2rtlJo6fJxGoPG/AnH9yT pFPnGnME3hVBM/vE6K0OQd7tmP/PBrVj2JSN8I6btUHFBWRhxaLqcAUv6k6IZj3S b9eRgbzCJwxl5f+3QnckmtAW/W9C7AyqqZtACxfAh+yMmhZxHTUI2QRh1O0CuDoA 5mWpNiLoglx0Gb4zA9Y5iOSz3afgvRSRUJNtExfUF6Q8cx0GUv0= =mNoF -----END PGP SIGNATURE-----
Attachment:
pgpcpbTWP0X8Q.pgp
Description: PGP signature