-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 12 Dec 2025 18:43:13 +0000 Source: glib2.0 Architecture: source Version: 2.84.4-3~deb13u2 Distribution: trixie Urgency: medium Maintainer: Debian GNOME Maintainers Changed-By: Simon McVittie Closes: 1121488 1122346 1122347 Changes: glib2.0 (2.84.4-3~deb13u2) trixie; urgency=medium . * d/patches: Add patches from 2.86.3 upstream to avoid integer overflows - d/p/gconvert-Error-out-if-g_escape_uri_string-would-overflow.patch, d/p/fuzzing-Add-fuzz-tests-for-g_filename_-to-from-_uri.patch: Fix an integer overflow when interpolating hundreds of megabytes of unescaped text into a URI, and add test coverage (CVE-2025-13601, glib#3827 upstream, Closes: #1121488) - d/p/gvariant-parser-Fix-potential-integer-overflow-parsing-by.patch: Fix an integer overflow when parsing very large strings in GVariant text format (CVE-2025-14087, glib#3834 upstream, Closes: #1122347) - d/p/gvariant-parser-Use-size_t-to-count-numbers-of-child-elem.patch, d/p/gvariant-parser-Convert-error-handling-code-to-use-size_t.patch: Fix other potential integer overflows parsing very large container types in GVariant text format, related to CVE-2025-14087 - d/p/gfileattribute-Fix-integer-overflow-calculating-escaping-.patch: Fix an integer overflow when escaping invalid characters in very large file attributes (CVE-2025-14512, glib#3845 upstream, Closes: #1122346) Checksums-Sha1: 352632dbd57965138cc612e4a5369997410d7b6c 5004 glib2.0_2.84.4-3~deb13u2.dsc 80a867d4c954c5b1fb074673926e89950d22e04d 147008 glib2.0_2.84.4-3~deb13u2.debian.tar.xz 59a4c0d8d9259083e5b7306bd920c2b3a289629d 7656 glib2.0_2.84.4-3~deb13u2_source.buildinfo Checksums-Sha256: 11f6bc2e601e6f682cda7b9e9473573625de6d5bca840fd9167c8753b95deade 5004 glib2.0_2.84.4-3~deb13u2.dsc 61a886d74a2a77179bea9b89bad4e7eec421c3a553add55ec7ddd0bb1e1eefec 147008 glib2.0_2.84.4-3~deb13u2.debian.tar.xz 6f7fc6e83801a4bddb79fcef6165ad833b98eee9de8c3a4919e39934573e4acc 7656 glib2.0_2.84.4-3~deb13u2_source.buildinfo Files: 1440ec360a9fa85c47d28a4bc9b4e8f0 5004 libs optional glib2.0_2.84.4-3~deb13u2.dsc 6548f0874c6c78def9772ce5ed561168 147008 libs optional glib2.0_2.84.4-3~deb13u2.debian.tar.xz 0dcc3f50320457328878628f543ee4d2 7656 libs optional glib2.0_2.84.4-3~deb13u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEegc60a5pT6Jb/2LlI1wJnT6zMHYFAmk8jPgACgkQI1wJnT6z MHbV/A/8Ck9ZRg7a/X5adD/Bt6vQ8FbHBaTuw4Hmb1r3wecDKGRAj/Aa7+goZgxh pgzaa0P9dDYC2pKxMWRv8YZ5OoFrlVfwUOunbh1736Y0F2pTSB2aKKFEt4rNM+Bs hl2vJ7LMdsDVaMaBC9X6Lj6uy1fR+DcyGaunDGMBQfEIAvHewgSAw17/p/HNMZgp VnA7o3oJXXphTVeYYN65XScj2sQsyGDRLfjVAVs4QrIGee3mniIMf4VkU32HAXeK zSQruFIcYfX5XFvnt88CK+XWnGGNew53OtTFnj/hGKyZejnS9+8rKVuFcnkQnqTO bzeMV7A/xVXBT7njUGB1a8c6weJzZtuaxlOPw0eigNhxr2rGComIw7uV1ZdELCJK RIy97dq9bOFz0lupRgS31z8gTLD+3ENjgMecHPd5ZGG5xI0STSB9rDxL+1kWHABS +X4ECg4jfQEXWeAujmWIpGbTZ3pRhRq2ybbRBJ13Sc05IJiM6QnOQwhDOHamNuMy AOWYKwP92CCUHD1oKmfnqeodFNpPxWw8qAbgW93r6BEy1757scqHq3dn0Gj8pNgS fp15Hzn02FAw09Qx2k63dvCr8k3RV+YtFGmYVYfxeuQok/TNI7YnKE1PHP1W88ei DjKx8Eq3mFiVNM/Wn+UgkBRErdhb9Dk31/OXmcrTQ0r0OQR+Swc= =YrG1 -----END PGP SIGNATURE-----