[ubuntu/resolute-proposed] glib2.0 2.86.3-5 (Accepted)
Jeremy Bícha
jbicha at ubuntu.com
Thu Jan 29 11:16:53 UTC 2026
glib2.0 (2.86.3-5) unstable; urgency=medium
* d/control, d/gbp.conf: Set branch for testing/unstable.
We already have 2.87.x in experimental, using the debian/latest branch.
* d/p/gbufferedinputstream-Fix-a-potential-integer-overflow-in-.patch:
Avoid a crash in g_buffered_input_stream_peek().
This is only a problem if an extremely large offset is used.
(CVE-2026-0988; Closes: #1125752)
* d/p/gbase64-Use-gsize-to-prevent-potential-overflow.patch,
d/p/gbase64-Ensure-that-the-out-value-is-within-allocated-siz.patch:
Avoid a buffer overflow if an extremely large binary blob is encoded in
base64 (CVE-2026-1484, Closes: #1126551)
* d/p/gio-gcontenttype-fdo-Do-not-overflow-if-header-is-longer-.patch:
Avoid a buffer overflow if XDG_DATA_DIRS/mime/treemagic is a crafted
file with multi-gigabyte lines (CVE-2026-1485, Closes: #1126550)
* d/p/guniprop-Use-size_t-for-output_marks-length.patch,
d/p/guniprop-Do-not-convert-size_t-to-gint.patch,
d/p/guniprop-Ensure-we-do-not-overflow-size-in-g_utf8_-strdow.patch,
d/p/glib-tests-unicode-Add-test-debug-information-when-parsin.patch:
Avoid a buffer overflow if crafted multi-gigabyte text is converted
between upper and lower case (CVE-2026-1489, Closes: #1126549)
* d/p/gtimezone-Handle-etc-localtime-symlink-pointing-to-anothe.patch,
d/p/gtimezone-Use-var-db-timezone-zoneinfo-as-the-default-TZD.patch:
Add patches from 2.87.x to fix handling of time zones that are symlinks
(Closes: #1119919) (LP: #2130378)
* d/control: (Build-)Depend on libselinux-dev instead of libselinux1-dev
(Closes: #1124750)
Date: 2026-01-29 04:39:42.509371+00:00
Signed-By: Jeremy Bícha <jbicha at ubuntu.com>
https://launchpad.net/ubuntu/+source/glib2.0/2.86.3-5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Resolute-changes
mailing list