Your message dated Fri, 26 Dec 2025 14:47:43 +0000
with message-id <[email protected]>
and subject line Bug#1122347: fixed in glib2.0 2.74.6-2+deb12u8
has caused the Debian Bug report #1122347,
regarding glib#3834, CVE-2025-14087: signed integer overflow parsing GVariant
text format
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1122347: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122347
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: glib2.0
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/glib/-/issues/3834
X-Debbugs-Cc: Debian Security Team <[email protected]>,
[email protected]
Control: close -1 2.86.3-1
There are some signed integer overflows possible when GLib parses
strings in the GVariant text format that encode a very large string,
bytestring or sequence (array, dict, tuple). By "very large" I mean
gigabytes. This could in theory be a security vulnerability if some
component is (IMO unwisely!) parsing attacker-supplied GVariant text
strings without imposing a reasonable size limit. This issue is also
known as glib#3834 or YWH-PGM9867-145.
The GVariant text format is an inefficient representation used for
debugging and human-editable configuration: if you think of it as a
strongly-typed alternative to JSON, that's a good mental model.
Like JSON, it doesn't really make sense for anything larger than maybe a
megabyte, especially when there is an equally expressive binary format
that encodes the same information in a much more efficient way. As far
as I can see, the GVariant *binary* format (the one that could
potentially make sense for gigabytes of data) is unaffected by this
vulnerability.
Security team: do I assume correctly that this is trixie-pu material,
rather than something for which you would want to issue a DSA? It
doesn't seem urgent to me.
For (old)stable and LTS I think it would make sense to handle backports
of all of the changes made in GLib 2.86.3 (excluding the
Windows-specific glib#3819 which doesn't affect Debian architectures) as
a single batch. This would also include CVE-2025-13601 (glib#3827
upstream, #1121488).
smcv
--- End Message ---
--- Begin Message ---
Source: glib2.0
Source-Version: 2.74.6-2+deb12u8
Done: Emilio Pozuelo Monfort <[email protected]>
We believe that the bug you reported is fixed in the latest version of
glib2.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <[email protected]> (supplier of updated glib2.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 15 Dec 2025 15:29:38 +0100
Source: glib2.0
Architecture: source
Version: 2.74.6-2+deb12u8
Distribution: bookworm
Urgency: medium
Maintainer: Debian GNOME Maintainers
<[email protected]>
Changed-By: Emilio Pozuelo Monfort <[email protected]>
Closes: 1121488 1122346 1122347
Changes:
glib2.0 (2.74.6-2+deb12u8) bookworm; urgency=medium
.
* Team upload.
* CVE-2025-13601: integer overflow into heap buffer overflow escaping
very large strings in g_escape_uri_string (Closes: #1121488).
* CVE-2025-14087: buffer overwrite when processing large GVariant strings.
(Closes: #1122347).
* CVE-2025-14512: interger overflow into buffer overwrite when processing
file attributes in GIO's escape_byte_string (Closes: #1122346).
Checksums-Sha1:
aaff67896f599c5640d23177507aa5346f938c4d 3669 glib2.0_2.74.6-2+deb12u8.dsc
ed894bc4a82445f4f7b867a9da045f35d4b16b34 267596
glib2.0_2.74.6.orig-unicode-data.tar.xz
c924652ae8526754e765bbe9cc6ffe6885a7fedf 5217312 glib2.0_2.74.6.orig.tar.xz
d348e6231b48f2a7db82f09e1980e7322877ed22 151904
glib2.0_2.74.6-2+deb12u8.debian.tar.xz
a72472343de5f83f800dbd2838243fb538d9419e 6451
glib2.0_2.74.6-2+deb12u8_source.buildinfo
Checksums-Sha256:
335a778ee3ff24479f11041b1cbb4f23863f72f823d5d88da6ff5374b398890c 3669
glib2.0_2.74.6-2+deb12u8.dsc
dabcaff9298aa111a94e580561d2f29371f3e61b356c925ec5e0792df2b11ff2 267596
glib2.0_2.74.6.orig-unicode-data.tar.xz
069cf7e51cd261eb163aaf06c8d1754c6835f31252180aff5814e5afc7757fbc 5217312
glib2.0_2.74.6.orig.tar.xz
d1230f82328031e99769d8ec233872ba364cdeffa9ff6b2f83b86277f39c949f 151904
glib2.0_2.74.6-2+deb12u8.debian.tar.xz
e6de0e103e1a240f3ac179603b5902d75c54869a3f057eb48a09d01fe9034b4a 6451
glib2.0_2.74.6-2+deb12u8_source.buildinfo
Files:
3613477e26307a4b8a2a55ba1d07d611 3669 libs optional
glib2.0_2.74.6-2+deb12u8.dsc
b04bd93cfba7c4035f152578abe28c32 267596 libs optional
glib2.0_2.74.6.orig-unicode-data.tar.xz
38f81d4a06c03e667b1f4d73cb803da8 5217312 libs optional
glib2.0_2.74.6.orig.tar.xz
790d91ae669f9c0abfeb6ef1b0ee29f7 151904 libs optional
glib2.0_2.74.6-2+deb12u8.debian.tar.xz
8473e807383d79f13302170e6e2657b6 6451 libs optional
glib2.0_2.74.6-2+deb12u8_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmlAISUACgkQnUbEiOQ2
gwJZ+BAApOyV1EQG6TfLGVvb9IV0ZwLQHaWOkRJfXdBsw0HquAj+0SQD1ZXYRO2n
xqevxLFvCNyd2XI/ZwK40qFquPz/AeFtuVEG5Zki/rIHIakzvvXJeod2PAeg0ZZI
PBvvcAIvzU6eTJ8wyVi/pLu2h2QI13CubF+KKf2UmJFXDvFFplHnMKw5bvzXsNDn
RM4BG+EJSBjxY+L2v/d6wUebXqhY+lAtJ4vaDVo5gvuoHneAD8EzoyNozeEB2rle
X9TKNrVLy7NFJg5bQ/KNDLG1i43C91MmUdaJ2J5xBoq5raTk615bzuzkNQBGMORT
mywunm42i7PhyiRLYfzjYKFtErrlm5wxROWjrdvXxfzCq+q+w3CqyndZpeiA4V/H
XjruaszzJYz7mUv4SDV75FZme+DhfAQIBC81KUuFWcxDN9m22Q7PBeQVDsmPWUIb
pDP3pq0Fe8bG+xGiiWBDipKVRANOzzEOd6IH5XLt+hGLV7Ank79paphYFHEjDpee
T1SCBvJCgnLg3o8HWR5I413IdgxPn+GFSqFE/hODgyCtOOtbrKRfM9h502FN/1Xz
UginUevRSFLhM6CDfflSLGzmT54P0axy+MHF30C6JooO7vrUhR/ZTio5oBtJLqXN
U9xkp0ZYGyQJKuak3rkYKJledp9J3VOZ3Gfmjq+0pXtshjGH+ls=
=G02v
-----END PGP SIGNATURE-----
pgpapA0Jg4ReR.pgp
Description: PGP signature
--- End Message ---
