Your message dated Sun, 14 Feb 2021 19:48:21 +0000
with message-id <[email protected]>
and subject line Bug#982779: fixed in glib2.0 2.67.3+git20210214-1
has caused the Debian Bug report #982779,
regarding libglib2.0-0: Integer overflow in
g_byte_array_new_take()/g_bytes_unref_to_array() on 64-bit platforms
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
982779: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982779
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libglib2.0-0
Version: 2.31.8-1
Severity: important
Tags: security fixed-upstream
Forwarded: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
X-Debbugs-Cc: [email protected], [email protected]
Control: close -1 2.66.7-1
Krzesimir Nowak discovered an integer overflow similar to, but not the
same as, GHSL-2021-045 (see separate bug report) which was fixed in
GLib 2.66.7. Any backports of this fix into older distribution releases
should probably be done at the same time as GHSL-2021-045, but the fixed
version upstream is different, so I've requested a separate CVE ID for it.
smcv
--- End Message ---
--- Begin Message ---
Source: glib2.0
Source-Version: 2.67.3+git20210214-1
Done: Simon McVittie <[email protected]>
We believe that the bug you reported is fixed in the latest version of
glib2.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <[email protected]> (supplier of updated glib2.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 14 Feb 2021 17:27:54 +0000
Source: glib2.0
Architecture: source
Version: 2.67.3+git20210214-1
Distribution: experimental
Urgency: medium
Maintainer: Debian GNOME Maintainers
<[email protected]>
Changed-By: Simon McVittie <[email protected]>
Closes: 982779
Changes:
glib2.0 (2.67.3+git20210214-1) experimental; urgency=medium
.
* d/changelog: Add bug reference for GHSL-2021-045 to previous entry
* New upstream git snapshot; among other changes:
- Fix regressions caused by the GHSL-2021-045 fixes in 2.67.3
- Warn and fail on integer overflow in g_byte_array_new_take()
for arrays larger than G_MAXUINT
(Closes: #982779; similar to GHSL-2021-045)
* d/libglib2.0-0.symbols: Add g_string_replace()
* Refresh patch series
* d/rules, d/tests: Generate various locales mentioned in the tests
* Mark dbus as <!nocheck> <!noinsttest>.
Several of the installed-tests won't be built unless dbus-daemon is
available, so <!nocheck> is insufficient.
* Move test-dependencies to Build-Depends-Arch.
We don't run the majority of the tests when we're only building the
documentation.
* Remove an unused Lintian override
* Add more Lintian overrides for test data
Checksums-Sha1:
2b5f99049fa0d35570104ccbb3b33e4ef927f694 3602 glib2.0_2.67.3+git20210214-1.dsc
e0b43a60cb2991497d2b64dc2733c7e8ac68667f 4917640
glib2.0_2.67.3+git20210214.orig.tar.xz
29d1e305560b5f76c899d7ae55e987dfe61c5a84 98040
glib2.0_2.67.3+git20210214-1.debian.tar.xz
489b219fb65eb1716eed47849e1629e126613a53 7689
glib2.0_2.67.3+git20210214-1_source.buildinfo
Checksums-Sha256:
fcfa06170d05b9bfad67b32e04b8b5177ba25420d3b89334931f321d07111218 3602
glib2.0_2.67.3+git20210214-1.dsc
1018fa6def421f6811c927be86ca5981db0a4e42cbd72d22296831af6dd97be5 4917640
glib2.0_2.67.3+git20210214.orig.tar.xz
10a0c1bcacdb3f19ab3c4f3e97448481fd799e9f818dc0d5dfd9538d1fcff8a7 98040
glib2.0_2.67.3+git20210214-1.debian.tar.xz
5770964c574f5d2864fcc82b7c10e9479a6fde70f5a8519fd29e500602ff5bfd 7689
glib2.0_2.67.3+git20210214-1_source.buildinfo
Files:
9d57147898b55a6540a6bd59e78c2164 3602 libs optional
glib2.0_2.67.3+git20210214-1.dsc
ddb9b6da2d5881b994be5231b01d644a 4917640 libs optional
glib2.0_2.67.3+git20210214.orig.tar.xz
b4b0d5744c0429bb0d848baccbe6de35 98040 libs optional
glib2.0_2.67.3+git20210214-1.debian.tar.xz
d04c5231a446a7f2ded9e3c948bb3ed7 7689 libs optional
glib2.0_2.67.3+git20210214-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmApe6AACgkQ4FrhR4+B
TE+biQ/+PwcSemV+P8elugitclriuhs6Mvv2r2hVJHKFjXPyLLoLovYc9aEZ4Tg9
LhRsSZChOrT+jFLBruNGMkHzxAs7LwA9jJGTCI+BkgbjutxuL4kmSTdoCX4pAuYP
kAceHd5cVYRdeaaTlZjCTKcWlDzgZJ2ZmSR6Hs7v8lkWb1qocQbj9lX2qft/Lisj
IyP4tZ7B91BNk3tNfmlea0+4Vn3AhIFPBDHbRrSwLUnenFaaLt7c6AkB+amDYhA8
0Xgej9nO+4SWXlXBUXvHFrlk0EWVket+jBXAtPXc9r0ppClu2biPeJo0r8eKNKtA
VUJDy8MrEk2oLpY4RFRdxCwPEz4FhVhXEmE0VsccB/UyWelGD5Q9HwdgMVnBaZdw
MmExH0JPWkbl+zto8NmlCI1nbrtxYhZeH+NSuKD7EC0xhs/VLpeTfolvxTK6QWMB
odqWssxgt3HypBfEMfoqH7QZLSsUzH8xl/VM8z3N3eUQuSZsDKKo8uQhVs9ncoKr
XLY0aEUiF3paH4i1goyhJg2nk26JkzSwZ6c0R1hCOA3zMR49NYPqOEGYD6xddiTg
OTlMdGHrIh0JZ8OPSlnHBSBXEad0FWEHCIObW+xuN5dCRJhdSfDIp+nA+yxfmROT
6/1Cg2hyqFvHGlAES4e5OkgvhYFH3oxdHdb385u+MRzjKodpDpA=
=mP0h
-----END PGP SIGNATURE-----
--- End Message ---