Bug#924344: glib2.0: CVE-2019-9633

2019-04-03 Thread Salvatore Bonaccorso
Control: notfound -1 2.58.3-1 Hi Philip, hi Simon, On Wed, Apr 03, 2019 at 01:18:36PM +0100, Philip Withnall wrote: > On Wed, 2019-04-03 at 13:00 +0100, Simon McVittie wrote: > > On Fri, 29 Mar 2019 at 20:13:17 +0100, Moritz Mühlenhoff wrote: > > > On Mon, Mar 11, 2019 at 09:32:02PM +0100, Salvat

Bug#924344: glib2.0: CVE-2019-9633

2019-04-03 Thread Philip Withnall
On Wed, 2019-04-03 at 13:00 +0100, Simon McVittie wrote: > On Fri, 29 Mar 2019 at 20:13:17 +0100, Moritz Mühlenhoff wrote: > > On Mon, Mar 11, 2019 at 09:32:02PM +0100, Salvatore Bonaccorso > > wrote: > > > Version: 2.58.3-1 > > Do we know for sure that 2.58.x is vulnerable? I've tried the > repro

Bug#924344: glib2.0: CVE-2019-9633

2019-04-03 Thread Simon McVittie
On Fri, 29 Mar 2019 at 20:13:17 +0100, Moritz Mühlenhoff wrote: > On Mon, Mar 11, 2019 at 09:32:02PM +0100, Salvatore Bonaccorso wrote: > > Version: 2.58.3-1 Do we know for sure that 2.58.x is vulnerable? I've tried the reproducer from the upstream bug and didn't see criticals or a crash. > > For

Bug#924344: glib2.0: CVE-2019-9633

2019-03-29 Thread Moritz Mühlenhoff
On Mon, Mar 11, 2019 at 09:32:02PM +0100, Salvatore Bonaccorso wrote: > Source: glib2.0 > Version: 2.58.3-1 > Severity: important > Tags: security upstream > Forwarded: https://gitlab.gnome.org/GNOME/glib/issues/1649 > Control: fixed -1 2.59.2-1 > > Hi, > > The following vulnerability was publish

Bug#924344: glib2.0: CVE-2019-9633

2019-03-11 Thread Salvatore Bonaccorso
Source: glib2.0 Version: 2.58.3-1 Severity: important Tags: security upstream Forwarded: https://gitlab.gnome.org/GNOME/glib/issues/1649 Control: fixed -1 2.59.2-1 Hi, The following vulnerability was published for glib2.0, filling a bug for tracking. CVE-2019-9633[0]: | gio/gsocketclient.c in GN