Your message dated Wed, 18 Jun 2025 10:03:21 +0000
with message-id <[email protected]>
and subject line unblock glib2.0
has caused the Debian Bug report #1107843,
regarding unblock: glib2.0/2.84.3-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1107843: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107843
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:glib2.0
User: [email protected]
Usertags: unblock
Please unblock package glib2.0
[ Reason ]
Fix CVE-2025-6052
[ Impact ]
If not accepted, automated vulnerability scanners will warn about an
unfixed vulnerability, and there could conceivably be a program in which
an attacker can trigger a buffer overflow (although it seems unlikely;
the failure scenario is rather contrived, and involves using up the entire
address space for text strings).
I took the opportunity to fix a minor documentation bug (outdated
Homepage field).
[ Tests ]
The automated test suite is fairly comprehensive and still passes (at
build-time and as an autopkgtest). There is no coverage for
CVE-2025-6052, because it would have to involve allocating multiple
gigabytes of memory even on 32-bit.
My GNOME desktop still operates normally.
[ Risks ]
Key package in most (all?) of our desktop environments, but the changes
are very narrowly targeted.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock glib2.0/2.84.3-1
diffstat for glib2.0-2.84.2 glib2.0-2.84.3
NEWS | 8 ++++++++
debian/changelog | 11 +++++++++++
debian/control | 2 +-
glib/gstring.c | 8 ++++----
meson.build | 2 +-
5 files changed, 25 insertions(+), 6 deletions(-)
diff -Nru glib2.0-2.84.2/debian/changelog glib2.0-2.84.3/debian/changelog
--- glib2.0-2.84.2/debian/changelog 2025-05-22 17:25:42.000000000 +0100
+++ glib2.0-2.84.3/debian/changelog 2025-06-15 12:12:51.000000000 +0100
@@ -1,3 +1,14 @@
+glib2.0 (2.84.3-1) unstable; urgency=medium
+
+ * New upstream stable release
+ - Move an ineffective string length overflow check to a location where it
+ will be effective, fixing a possible buffer overflow when working with
+ multi-gigabyte strings (CVE-2025-6052, Closes: #1107797; unlikely to be
+ exploitable in practice)
+ * d/control: Update Homepage (Closes: #1087982)
+
+ -- Simon McVittie <[email protected]> Sun, 15 Jun 2025 12:12:51 +0100
+
glib2.0 (2.84.2-1) unstable; urgency=medium
* New upstream stable release
diff -Nru glib2.0-2.84.2/debian/control glib2.0-2.84.3/debian/control
--- glib2.0-2.84.2/debian/control 2025-05-22 17:25:42.000000000 +0100
+++ glib2.0-2.84.3/debian/control 2025-06-15 12:12:51.000000000 +0100
@@ -49,7 +49,7 @@
gobject-introspection (>= 1.80.0) <!nodoc>,
Rules-Requires-Root: no
Standards-Version: 4.7.0
-Homepage: https://wiki.gnome.org/Projects/GLib
+Homepage: https://gitlab.gnome.org/GNOME/glib
Vcs-Browser: https://salsa.debian.org/gnome-team/glib
Vcs-Git: https://salsa.debian.org/gnome-team/glib.git
diff -Nru glib2.0-2.84.2/glib/gstring.c glib2.0-2.84.3/glib/gstring.c
--- glib2.0-2.84.2/glib/gstring.c 2025-05-20 17:22:25.000000000 +0100
+++ glib2.0-2.84.3/glib/gstring.c 2025-06-13 12:55:59.000000000 +0100
@@ -68,10 +68,6 @@
g_string_expand (GString *string,
gsize len)
{
- /* Detect potential overflow */
- if G_UNLIKELY ((G_MAXSIZE - string->len - 1) < len)
- g_error ("adding %" G_GSIZE_FORMAT " to string would overflow", len);
-
string->allocated_len = g_nearest_pow (string->len + len + 1);
/* If the new size is bigger than G_MAXSIZE / 2, only allocate enough
* memory for this string and don't over-allocate.
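Review bot: with the guard removed here, `g_string_expand` computes `string->len + len + 1` and passes it to `g_nearest_pow` with no overflow check of its own, so its correctness now depends on every caller having gone through `g_string_maybe_expand` first. The visible lines do not show whether any other caller exists. Please confirm that, and consider a short comment at the top of the function stating that the caller must already have rejected an overflowing `len`.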
@@ -86,6 +82,10 @@
g_string_maybe_expand (GString *string,
gsize len)
{
+ /* Detect potential overflow */
+ if G_UNLIKELY ((G_MAXSIZE - string->len - 1) < len)
+ g_error ("adding %" G_GSIZE_FORMAT " to string would overflow", len);
+
if (G_UNLIKELY (string->len + len >= string->allocated_len))
g_string_expand (string, len);
}
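Review bot: the comment "Detect potential overflow" on the moved guard in `g_string_maybe_expand` does not say why the check has to come before `string->len + len >= string->allocated_len`. That sum is unsigned and can wrap, in which case the comparison is false and `g_string_expand` is never reached. Stating this in the comment would stop a later cleanup from moving the guard back. As a style point, the guard is written `if G_UNLIKELY (...)` while the next line uses `if (G_UNLIKELY (...))`; using one form for both would read better.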
diff -Nru glib2.0-2.84.2/meson.build glib2.0-2.84.3/meson.build
--- glib2.0-2.84.2/meson.build 2025-05-20 17:22:25.000000000 +0100
+++ glib2.0-2.84.3/meson.build 2025-06-13 12:55:59.000000000 +0100
@@ -1,5 +1,5 @@
project('glib', 'c',
- version : '2.84.2',
+ version : '2.84.3',
# NOTE: See the policy in docs/meson-version.md before changing the Meson dependency
meson_version : '>= 1.4.0',
default_options : [
diff -Nru glib2.0-2.84.2/NEWS glib2.0-2.84.3/NEWS
--- glib2.0-2.84.2/NEWS 2025-05-20 17:22:25.000000000 +0100
+++ glib2.0-2.84.3/NEWS 2025-06-13 12:55:59.000000000 +0100
@@ -1,3 +1,11 @@
+Overview of changes in GLib 2.84.3, 2025-06-13
+==============================================
+
+* Bugs fixed:
+ - !4656 Backport !4655 “gstring: Fix overflow check when expanding the string”
+ to glib-2-84
+
+
Overview of changes in GLib 2.84.2, 2025-05-20
==============================================
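Review bot: the new NEWS entry names the merge requests (!4656, !4655) but not CVE-2025-6052, while the debian/changelog entry in the same debdiff does. Adding the CVE identifier to the "Bugs fixed" item would let anyone reading only the upstream NEWS file match this release to the advisory.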
--- End Message ---
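Why the overflow check was ineffective in its old position, shown as an added example that is not part of the original message or of GLib: the two predicates are copied from the gstring.c hunks above, while `struct model_string`, the helper names and the sample values are assumptions made for illustration. No memory is allocated; only the size arithmetic is evaluated.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the two GString fields the diff touches
 * (an assumption for illustration, not GLib's struct definition). */
struct model_string {
  size_t len;           /* bytes in use, not counting the trailing NUL */
  size_t allocated_len; /* bytes currently allocated */
};

/* The guard from the diff: true when len + add + 1 does not fit in size_t. */
static bool would_overflow (const struct model_string *s, size_t add)
{
  return (SIZE_MAX - s->len - 1) < add;
}

/* The caller's comparison from the diff; the unsigned sum can wrap. */
static bool reaches_expand (const struct model_string *s, size_t add)
{
  return s->len + add >= s->allocated_len;
}

/* 2.84.2 ordering: the guard sits in expand, so it runs only if reached. */
static bool old_order_detects (const struct model_string *s, size_t add)
{
  return reaches_expand (s, add) && would_overflow (s, add);
}

/* 2.84.3 ordering: the guard runs before the comparison. */
static bool new_order_detects (const struct model_string *s, size_t add)
{
  return would_overflow (s, add);
}

int main (void)
{
  struct model_string s = { 16, 32 };       /* constructed sample values */
  size_t adds[] = { 8, SIZE_MAX - 16, SIZE_MAX - 8 };

  for (size_t i = 0; i < sizeof adds / sizeof adds[0]; i++)
    printf ("add=%zu old=%d new=%d\n", adds[i],
            old_order_detects (&s, adds[i]), new_order_detects (&s, adds[i]));
  return 0;
}
```

With `add = SIZE_MAX - 8` the sum `len + add` wraps to 7, the comparison against `allocated_len` is false, and the old ordering never reaches its guard; only `add = SIZE_MAX - 16`, where the sum does not wrap but `len + add + 1` does, was caught before the move.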
--- Begin Message ---
Unblocked glib2.0.
--- End Message ---