Accepted glib2.0 2.86.3-5 (source) into unstable

Wed, 28 Jan 2026 12:54:28 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 28 Jan 2026 18:44:21 +0000
Source: glib2.0
Architecture: source
Version: 2.86.3-5
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers 
<[email protected]>
Changed-By: Simon McVittie <[email protected]>
Closes: 1119919 1124750 1125752 1126549 1126550 1126551
Changes:
 glib2.0 (2.86.3-5) unstable; urgency=medium
 .
   * d/control, d/gbp.conf: Set branch for testing/unstable.
     We already have 2.87.x in experimental, using the debian/latest branch.
   * d/p/gbufferedinputstream-Fix-a-potential-integer-overflow-in-.patch:
     Avoid a crash in g_buffered_input_stream_peek().
     This is only a problem if an extremely large offset is used.
     (CVE-2026-0988; Closes: #1125752)
   * d/p/gbase64-Use-gsize-to-prevent-potential-overflow.patch,
     d/p/gbase64-Ensure-that-the-out-value-is-within-allocated-siz.patch:
     Avoid a buffer overflow if an extremely large binary blob is encoded in
     base64 (CVE-2026-1484, Closes: #1126551)
   * d/p/gio-gcontenttype-fdo-Do-not-overflow-if-header-is-longer-.patch:
     Avoid a buffer overflow if XDG_DATA_DIRS/mime/treemagic is a crafted
     file with multi-gigabyte lines (CVE-2026-1485, Closes: #1126550)
   * d/p/guniprop-Use-size_t-for-output_marks-length.patch,
     d/p/guniprop-Do-not-convert-size_t-to-gint.patch,
     d/p/guniprop-Ensure-we-do-not-overflow-size-in-g_utf8_-strdow.patch,
     d/p/glib-tests-unicode-Add-test-debug-information-when-parsin.patch:
     Avoid a buffer overflow if crafted multi-gigabyte text is converted
     between upper and lower case (CVE-2026-1489, Closes: #1126549)
   * d/p/gtimezone-Handle-etc-localtime-symlink-pointing-to-anothe.patch,
     d/p/gtimezone-Use-var-db-timezone-zoneinfo-as-the-default-TZD.patch:
     Add patches from 2.87.x to fix handling of time zones that are symlinks
     (Closes: #1119919) (LP: #2130378)
   * d/control: (Build-)Depend on libselinux-dev instead of libselinux1-dev
     (Closes: #1124750)
Checksums-Sha1:
 f9061d20b45776ef791a8e349678fa2c92439490 4965 glib2.0_2.86.3-5.dsc
 8317574af3996e8ad8503e4a0edd84781837acaa 148316 glib2.0_2.86.3-5.debian.tar.xz
 734f5d0e3edac07b95dd112e589b85fd31576837 15143984 glib2.0_2.86.3-5.git.tar.xz
 608dc9a94d723e08d18f6af3e1cd6ec9dc3ea212 17298 
glib2.0_2.86.3-5_source.buildinfo
Checksums-Sha256:
 e177c600ff21b6e8eb8bdd460288e762c081dff93f840953a02120e7fa44bf72 4965 
glib2.0_2.86.3-5.dsc
 f017c585a6df84f17973faf09fe27087755e3090ec9b300cb92d506fa4e542af 148316 
glib2.0_2.86.3-5.debian.tar.xz
 b2298e60f8de70eb3971070e564f56a9344c367898a59e2f3039da273723e638 15143984 
glib2.0_2.86.3-5.git.tar.xz
 b53af17941d13a25f62684c2e4cb9d35808e742447a7a6ce8a19e8f3a7f875eb 17298 
glib2.0_2.86.3-5_source.buildinfo
Files:
 66f8f9e283bce36f9d5f0fb23e6854c7 4965 libs optional glib2.0_2.86.3-5.dsc
 ecdf593b93fce6e4d073b7fef36994a2 148316 libs optional 
glib2.0_2.86.3-5.debian.tar.xz
 c32cfb0ddf93990218a54a2a80b199b2 15143984 libs None glib2.0_2.86.3-5.git.tar.xz
 c5a950e767be225dc398948dc0fffc54 17298 libs optional 
glib2.0_2.86.3-5_source.buildinfo
Git-Tag-Info: tag=8b25601146c33f50e808ec2ae1aed350b5fe4d1b 
fp=7a073ad1ae694fa25bff62e5235c099d3eb33076
Git-Tag-Tagger: Simon McVittie <[email protected]>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAml6WnUACgkQYG0ITkaD
wHmqWQ/+PVempnyIWFAGfC4K8eYtZsX7IHc3zud7BQdcqbyNZUJ0SL7CZOWfCbCU
XZd3ZFBJ3jC+VeQZa9aXG3pqG8T+JYLHvW+f0OmoV5eD9UKLNtoBOOH8LDyVfAkK
1W42d971H0cueVM9ooXTE76b1YR0pwE/aLpDP5ISFoW+TMhXEdegF42W/cwewEPb
WJ0u1qPaG8CputSN9Ox9S29zL/8nF3IFO0dr/hyue4kbqJPInyY2lsGIjZNOItZN
67rwboSlKlRJEJOTFz9a5aQSdUhknKSoCC3zmZzh30casHFF3gzaHpBopHuXk191
p9muyVE94G2vX465Dpikmp2Kkvlu8bEDVMwzi7AJSJwlQeqxuO49/IOxEHge6Q1C
5RoxqQIzAui9VBtYrPGbPeL3JGM8pW1fSiYDCzioBGOMV6T7MpDBRzKTphlatXS/
jwoKBC6oTDP4qUfeN/XntWabcHjIR75vIJl+TtAy/G22zRXPzdPNNXepaBTgTn1Q
rS5PVKBOCJVTJJsXo6tvVHjEOr9YGYnL4L//NcfPrX2qJ8yytLwjZvkfj8cWWyyE
/1ZMy1Oda4+yERAf5oek422pp21gF8l/XqS5btkNc9GGzQj+o9+HCuUJVpN+vXRQ
E65S5tL5whi7CCalfTBZ05fokv9+dZOfVjyKxsGCOeCsAV87YVY=
=6ifO
-----END PGP SIGNATURE-----

Attachment: pgpgsWWaw8whm.pgp
Description: PGP signature

Reply via email to