Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:glib2.0
User: [email protected]
Usertags: unblock

Please unblock package glib2.0

[ Reason ]
Fix CVE-2025-6052

[ Impact ]
If not accepted, automated vulnerability scanners will warn about an unfixed vulnerability, and there could conceivably be a program in which an attacker can trigger a buffer overflow (although it seems unlikely; the failure scenario is rather contrived, and involves using up the entire address space for text strings).

I took the opportunity to fix a minor documentation bug (outdated Homepage field).

[ Tests ]
The automated test suite is fairly comprehensive and still passes (at build-time and as an autopkgtest). There is no coverage for CVE-2025-6052, because it would have to involve allocating multiple gigabytes of memory even on 32-bit.

My GNOME desktop still operates normally.

[ Risks ]
Key package in most (all?) of our desktop environments, but the changes are very narrowly targeted.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock glib2.0/2.84.3-1

diffstat for glib2.0-2.84.2 glib2.0-2.84.3 NEWS | 8 ++++++++ debian/changelog | 11 +++++++++++ debian/control | 2 +- glib/gstring.c | 8 ++++---- meson.build | 2 +- 5 files changed, 25 insertions(+), 6 deletions(-) diff -Nru glib2.0-2.84.2/debian/changelog glib2.0-2.84.3/debian/changelog --- glib2.0-2.84.2/debian/changelog 2025-05-22 17:25:42.000000000 +0100 +++ glib2.0-2.84.3/debian/changelog 2025-06-15 12:12:51.000000000 +0100 @@ -1,3 +1,14 @@ +glib2.0 (2.84.3-1) unstable; urgency=medium + + * New upstream stable release + - Move an ineffective string length overflow check to a location where it + will be effective, fixing a possible buffer overflow when working with + multi-gigabyte strings (CVE-2025-6052, Closes: #1107797; unlikely to be + exploitable in practice) + * d/control: Update Homepage (Closes: #1087982) + + -- Simon McVittie <[email protected]> Sun, 15 Jun 2025 12:12:51 +0100 + glib2.0 (2.84.2-1) unstable; urgency=medium * New upstream stable release diff -Nru glib2.0-2.84.2/debian/control glib2.0-2.84.3/debian/control --- glib2.0-2.84.2/debian/control 2025-05-22 17:25:42.000000000 +0100 +++ glib2.0-2.84.3/debian/control 2025-06-15 12:12:51.000000000 +0100 @@ -49,7 +49,7 @@ gobject-introspection (>= 1.80.0) <!nodoc>, Rules-Requires-Root: no Standards-Version: 4.7.0 -Homepage: https://wiki.gnome.org/Projects/GLib +Homepage: https://gitlab.gnome.org/GNOME/glib Vcs-Browser: https://salsa.debian.org/gnome-team/glib Vcs-Git: https://salsa.debian.org/gnome-team/glib.git diff -Nru glib2.0-2.84.2/glib/gstring.c glib2.0-2.84.3/glib/gstring.c --- glib2.0-2.84.2/glib/gstring.c 2025-05-20 17:22:25.000000000 +0100 +++ glib2.0-2.84.3/glib/gstring.c 2025-06-13 12:55:59.000000000 +0100 
@@ -68,10 +68,6 @@ g_string_expand (GString *string, gsize len) { - /* Detect potential overflow */ - if G_UNLIKELY ((G_MAXSIZE - string->len - 1) < len) - g_error ("adding %" G_GSIZE_FORMAT " to string would overflow", len); - string->allocated_len = g_nearest_pow (string->len + len + 1); /* If the new size is bigger than G_MAXSIZE / 2, only allocate enough * memory for this string and don't over-allocate. @@ -86,6 +82,10 @@ g_string_maybe_expand (GString *string, gsize len) { + /* Detect potential overflow */ + if G_UNLIKELY ((G_MAXSIZE - string->len - 1) < len) + g_error ("adding %" G_GSIZE_FORMAT " to string would overflow", len); + if (G_UNLIKELY (string->len + len >= string->allocated_len)) g_string_expand (string, len); } diff -Nru glib2.0-2.84.2/meson.build glib2.0-2.84.3/meson.build --- glib2.0-2.84.2/meson.build 2025-05-20 17:22:25.000000000 +0100 +++ glib2.0-2.84.3/meson.build 2025-06-13 12:55:59.000000000 +0100 @@ -1,5 +1,5 @@ project('glib', 'c', - version : '2.84.2', + version : '2.84.3', # NOTE: See the policy in docs/meson-version.md before changing the Meson dependency meson_version : '>= 1.4.0', default_options : [ diff -Nru glib2.0-2.84.2/NEWS glib2.0-2.84.3/NEWS --- glib2.0-2.84.2/NEWS 2025-05-20 17:22:25.000000000 +0100 +++ glib2.0-2.84.3/NEWS 2025-06-13 12:55:59.000000000 +0100 @@ -1,3 +1,11 @@ +Overview of changes in GLib 2.84.3, 2025-06-13 +============================================== + +* Bugs fixed: + - !4656 Backport !4655 “gstring: Fix overflow check when expanding the string” + to glib-2-84 + + Overview of changes in GLib 2.84.2, 2025-05-20 ==============================================
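Review bot: in the first glib/gstring.c hunk (@@ -68,10 +68,6 @@), g_string_expand is left computing g_nearest_pow (string->len + len + 1) with no guard of its own, so it is only safe when the caller has already run the check that now lives in g_string_maybe_expand. Suggest stating that precondition in a comment above g_string_expand, so that a later direct call to it does not bring the wraparound back unnoticed.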
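Review bot: in the second glib/gstring.c hunk (@@ -86,6 +82,10 @@), the comment "Detect potential overflow" does not record why the check has to sit above the comparison that follows it. The expression string->len + len in that comparison is itself what can wrap, and once it wraps g_string_expand is never called, which is why the check had no effect in its old place. A sentence saying so would keep the two statements from being reordered or merged later, which matters more than usual here because the report states there is no test coverage for this case.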
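Why the check was ineffective in its old location, as an added example that is not GLib code and not part of the original report: a model of a 32-bit build in which the capacity comparison from g_string_maybe_expand wraps before the guard can run. The names gsize32, model_string, maybe_expand_old and maybe_expand_new are hypothetical, and the sizes are constructed values.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit build: gsize is 32 bits wide there (assumption of this
 * example). model_string mirrors only the two GString fields in the diff. */
typedef uint32_t gsize32;
typedef struct { gsize32 len; gsize32 allocated_len; } model_string;
typedef enum { FITS, GROW, ABORT } outcome;

/* The guard from the diff: true when len + add + 1 would exceed the type. */
static int would_overflow(const model_string *s, gsize32 add)
{
    return (gsize32)(UINT32_MAX - s->len - 1) < add;
}

/* 2.84.2 order: capacity comparison first, guard only on the expand path. */
static outcome maybe_expand_old(const model_string *s, gsize32 add)
{
    if ((gsize32)(s->len + add) >= s->allocated_len)   /* sum can wrap */
        return would_overflow(s, add) ? ABORT : GROW;
    return FITS;                      /* guard never evaluated on this path */
}

/* 2.84.3 order: guard first, so the sum below can no longer wrap. */
static outcome maybe_expand_new(const model_string *s, gsize32 add)
{
    if (would_overflow(s, add))
        return ABORT;
    if ((gsize32)(s->len + add) >= s->allocated_len)
        return GROW;
    return FITS;
}

int main(void)
{
    /* Constructed values: a 3 GiB string, then a 1.25 GiB append. */
    model_string big = { 0xC0000000u, 0xC0000001u };
    gsize32 add = 0x50000000u;
    const char *name[] = { "FITS", "GROW", "ABORT" };

    printf("wrapped sum: 0x%08x\n", (unsigned)(gsize32)(big.len + add));
    printf("old order:   %s\n", name[maybe_expand_old(&big, add)]);
    printf("new order:   %s\n", name[maybe_expand_new(&big, add)]);
    return 0;
}
```

In the old order the wrapped sum looks smaller than the allocation, so the append is treated as fitting and the guard is skipped. The guard only fired when the sum itself did not wrap, that is, when just the trailing + 1 would overflow.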

