On Sun, 15 Jun 2025 at 08:16:20 +0200, Salvatore Bonaccorso wrote:
On Sat, Jun 14, 2025 at 11:15:00PM +0100, Simon McVittie wrote:
On Sat, 14 Jun 2025 at 22:51:55 +0200, Salvatore Bonaccorso wrote:
> [1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4655
I don't think this is plausibly attacker-triggerable [...]
Thanks for the analysis. Yes agreed, then we do not need for trixie
already unless you plan anyway another update. Otherwise let's first
land in forky later.
There's a new upstream release with this as its only change, and if we
integrate that now it'll make the next security or bugfix update easier,
and I'm doing freeze exception requests for other GNOME packages anyway,
so I might as well upload it; but I wanted to point out that the
practical impact is more like "silence security-vulnerability scanners"
than fixing an actual vulnerability, so that we don't get the wrong
idea about its priority.
smcv
