[Git][security-tracker-team/security-tracker][master] Reserve DLA-4412-1 for glib2.0

Emilio Pozuelo Monfort (@pochu) Tue, 16 Dec 2025 02:04:29 -0800


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
56b049ca by Emilio Pozuelo Monfort at 2025-12-16T11:04:06+01:00
Reserve DLA-4412-1 for glib2.0

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -44808,7 +44808,6 @@ CVE-2025-7039 (A flaw was found in glib. An integer 
overflow during temporary fi
        - glib2.0 2.84.4-1 (bug #1110640)
        [trixie] - glib2.0 2.84.4-3~deb13u1
        [bookworm] - glib2.0 2.74.6-2+deb12u7
-       [bullseye] - glib2.0 <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3716
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4674
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/glib/-/commit/61e963284889ddb4544e6f1d5261c16120f6fcc3
 (2.85.2)
@@ -73295,7 +73294,6 @@ CVE-2025-4374 (A flaw was found in Quay. When an 
organization acts as a proxy ca
 CVE-2025-4373 (A flaw was found in GLib, which is vulnerable to an integer 
overflow i ...)
        - glib2.0 2.84.1-3 (bug #1104930)
        [bookworm] - glib2.0 2.74.6-2+deb12u7
-       [bullseye] - glib2.0 <postponed> (Minor issue, fix along with next 
update)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3677
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4588
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4592


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Dec 2025] DLA-4412-1 glib2.0 - security update
+       {CVE-2025-4373 CVE-2025-7039 CVE-2025-13601 CVE-2025-14087 
CVE-2025-14512}
+       [bullseye] - glib2.0 2.66.8-1+deb11u7
 [16 Dec 2025] DLA-4411-1 libgd2 - security update
        {CVE-2021-38115 CVE-2021-40145 CVE-2021-40812}
        [bullseye] - libgd2 2.3.0-2+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -105,10 +105,6 @@ git-lfs
   NOTE: 20251102: Added by Front-Desk (apo)
   NOTE: 20251102: Fix may be partial due to git < 2.42 in bullseye.
 --
-glib2.0 (Emilio)
-  NOTE: 20251129: Added by Front-Desk (rouca)
-  NOTE: 20251215: prepared bookworm-pu, will follow with bullseye next (pochu)
---
 golang-github-gorilla-csrf
   NOTE: 20250422: Added by Front-Desk (rouca)
   NOTE: 20250422: Need to binNMU reverse depends (in that order): 
golang-github-alecthomas-chroma, golang-github-niklasfasching-go-org, 
golang-github-yuin-goldmark-highlighting, hugo (rouca)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56b049cafac45cd1aba286ed188aa25b7ae8a56c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56b049cafac45cd1aba286ed188aa25b7ae8a56c
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-4412-1 for glib2.0

Reply via email to