Univention Bugzilla – Bug 56654
glib2.0: Multiple issues (5.0)
Last modified: 2023-09-27 18:17:25 CEST
New Debian glib2.0 2.58.3-2+deb10u5 fixes:
This update addresses the following issues:

2.58.3-2+deb10u5 (Mon, 25 Sep 2023 11:21:56 -0300)
* Non-maintainer upload by the LTS Team
* Add debian/salsa-ci.yml using lts-team/pipeline for buster
* Fix several GVariant-related issues:
  * CVE-2023-29499: GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
  * CVE-2023-32611: GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
  * CVE-2023-32665: GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
--- mirror/ftp/pool/main/g/glib2.0/glib2.0_2.58.3-2+deb10u4.dsc +++ apt/ucs_5.0-0-errata5.0-5/source/glib2.0_2.58.3-2+deb10u5.dsc @@ -1,3 +1,17 @@ +2.58.3-2+deb10u5 [Mon, 25 Sep 2023 11:21:56 -0300] Santiago Ruano Rincón <santiago@freexian.com>: + + * Non-maintainer upload by the LTS Team + * Add debian/salsa-ci.yml using lts-team/pipeline for buster + * Fix several GVariant-related issues: + * CVE-2023-29499: GVariant deserialization fails to validate that the input + conforms to the expected format, leading to denial of service. + * CVE-2023-32611: GVariant deserialization is vulnerable to a slowdown issue + where a crafted GVariant can cause excessive processing, leading to denial + of service. + * CVE-2023-32665: GVariant deserialization is vulnerable to an exponential + blowup issue where a crafted GVariant can cause excessive processing, + leading to denial of service. + 2.58.3-2+deb10u4 [Thu, 15 Sep 2022 12:13:48 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: * CVE-2021-3800: information leak using CHARSETALIASDIR envvar. <http://piuparts.knut.univention.de/5.0-5/#3341071568078300111>
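Review bot: the three CVE entries under "Fix several GVariant-related issues" state only the impact (denial of service in GVariant deserialization) and do not name the patches or upstream commits that carry each fix, so the changelog alone cannot confirm which change closes which CVE. Suggest listing the patch names per CVE in the entry. The "Add debian/salsa-ci.yml" item is bundled into the same security upload; marking it as a packaging-only change would make the erratum easier to audit.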
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[bug/50385] 080827743a Bug #56654: glib2.0 2.58.3-2+deb10u5
 doc/errata/staging/glib2.0.yaml | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

[bug/50385] f89531a2e5 Bug #56654: glib2.0 2.58.3-2+deb10u5
 doc/errata/staging/glib2.0.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x818>