Your message dated Fri, 26 Dec 2025 14:47:43 +0000
with message-id <[email protected]>
and subject line Bug#1122346: fixed in glib2.0 2.74.6-2+deb12u8
has caused the Debian Bug report #1122346,
regarding glib#3845: CVE-2025-14512: Integer overflow in file attribute escaping
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1122346: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122346
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: glib2.0
Severity: important
Tags: security fixed-upstream
Forwarded: https://gitlab.gnome.org/GNOME/glib/-/issues/3845
X-Debbugs-Cc: Debian Security Team <[email protected]>, [email protected]
Control: close -1 2.86.3-1

From the upstream issue report:
>The escape_byte_string() function in GLib's gio/gfileattribute.c uses
>a signed integer num_invalid to count characters requiring escaping
>before allocating an output buffer. When a file attribute (such as
>G_FILE_ATTRIBUTE_STANDARD_DISPLAY_NAME) contains a large number of
>invalid characters, the multiplication num_invalid * 3 can overflow
>the signed integer. This causes g_malloc(len + num_invalid*3 + 1)
>to allocate a buffer smaller than required. The subsequent escaping
>loop writes 4 bytes (\xCC format) per invalid character into this
>buffer, causing a heap buffer overflow. The issue is triggered when
>g_file_info_get_attribute_as_string() is called to retrieve byte string
>attributes.

In principle an attacker could intentionally cause denial of service, or 
even heap corruption, using a file attribute of size >= 1 GiB, making 
this maybe a security issue.

Upstream treated this as a (minor) security issue, but there is no CVE 
ID that I am aware of. I would suggest fixing it in (old)stable and LTS 
as part of the same batch as the two CVEs fixed in 2.86.3 upstream, 
CVE-2025-14087 (glib#3834 upstream, Debian bug report pending) and 
CVE-2025-13601 (glib#3827 upstream, #1121488 in Debian).

Security team: do I assume correctly that this is all trixie-pu 
material, rather than something for which you would want to issue a DSA? 
None of the fixes in GLib 2.86.3 seem urgent to me.

    smcv

--- End Message ---
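The size arithmetic described in the report above, as an added example that is not GLib's code, the upstream patch, or part of either message: it models `len + num_invalid*3 + 1` with a 32-bit signed counter next to a checked 64-bit computation and a bounded escaper. The function names, the `needs_escape` predicate, 64-bit sizes and two's-complement wrap-around are assumptions of the sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: a byte is "invalid" if it is not printable ASCII or is a backslash. */
static bool needs_escape(unsigned char c) { return c < 32 || c > 126 || c == '\\'; }

/* The report's size expression with a 32-bit signed counter and 64-bit sizes.
   Signed overflow is undefined in C, so the usual two's-complement wrap is
   modelled here with defined unsigned arithmetic. */
uint64_t modelled_alloc_size(uint64_t len, uint32_t num_invalid)
{
    uint32_t wrapped = num_invalid * 3u;              /* product mod 2^32 */
    int64_t as_int = wrapped > (uint32_t)INT32_MAX ? (int64_t)wrapped - 4294967296LL
                                                   : (int64_t)wrapped;
    return len + (uint64_t)as_int + 1;                /* sign-extended add */
}

/* Hardened sizing: unsigned 64-bit counter, explicit overflow check. */
bool checked_alloc_size(uint64_t len, uint64_t num_invalid, uint64_t *out)
{
    if (len == UINT64_MAX || num_invalid > (UINT64_MAX - 1 - len) / 3) return false;
    *out = len + num_invalid * 3 + 1;
    return true;
}

/* Bounded escaper: returns bytes written including the NUL, or 0 if cap is too small. */
size_t escape_bytes(const unsigned char *src, size_t len, char *dst, size_t cap)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    if (cap == 0) return 0;
    for (size_t i = 0; i < len; i++) {
        size_t need = needs_escape(src[i]) ? 4 : 1;
        if (cap - o <= need) return 0;                /* keep room for the NUL */
        if (need == 1) { dst[o++] = (char)src[i]; continue; }
        dst[o++] = '\\'; dst[o++] = 'x';
        dst[o++] = hex[src[i] >> 4]; dst[o++] = hex[src[i] & 15];
    }
    dst[o] = '\0';
    return o + 1;
}

int main(void)
{
    uint64_t n = 0, gib = 1ULL << 30;                 /* constructed sizes, nothing is allocated */
    printf("modelled: %llu\n", (unsigned long long)modelled_alloc_size(gib, (uint32_t)gib));
    if (checked_alloc_size(gib, gib, &n)) printf("required: %llu\n", (unsigned long long)n);
    return 0;
}
```

With 2^30 bytes that all need escaping, the modelled expression yields a 1-byte request while the escaped output needs 4294967297 bytes; the bounded escaper refuses to write past `cap` regardless of how the size was computed.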
--- Begin Message ---
Source: glib2.0
Source-Version: 2.74.6-2+deb12u8
Done: Emilio Pozuelo Monfort <[email protected]>

We believe that the bug you reported is fixed in the latest version of
glib2.0, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <[email protected]> (supplier of updated glib2.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 15 Dec 2025 15:29:38 +0100
Source: glib2.0
Architecture: source
Version: 2.74.6-2+deb12u8
Distribution: bookworm
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Emilio Pozuelo Monfort <[email protected]>
Closes: 1121488 1122346 1122347
Changes:
 glib2.0 (2.74.6-2+deb12u8) bookworm; urgency=medium
 .
   * Team upload.
   * CVE-2025-13601: integer overflow into heap buffer overflow escaping
     very large strings in g_escape_uri_string (Closes: #1121488).
   * CVE-2025-14087: buffer overwrite when processing large GVariant strings.
     (Closes: #1122347).
   * CVE-2025-14512: integer overflow into buffer overwrite when processing
     file attributes in GIO's escape_byte_string (Closes: #1122346).

--- End Message ---
