-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 12 Dec 2025 18:43:13 +0000 Source: glib2.0 Binary: libglib2.0-data libglib2.0-doc Architecture: all Version: 2.84.4-3~deb13u2 Distribution: trixie Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) Changed-By: Simon McVittie Description: libglib2.0-data - Common files for GLib library libglib2.0-doc - Documentation files for the GLib library Closes: 1121488 1122346 1122347 Changes: glib2.0 (2.84.4-3~deb13u2) trixie; urgency=medium . * d/patches: Add patches from 2.86.3 upstream to avoid integer overflows - d/p/gconvert-Error-out-if-g_escape_uri_string-would-overflow.patch, d/p/fuzzing-Add-fuzz-tests-for-g_filename_-to-from-_uri.patch: Fix an integer overflow when interpolating hundreds of megabytes of unescaped text into a URI, and add test coverage (CVE-2025-13601, glib#3827 upstream, Closes: #1121488) - d/p/gvariant-parser-Fix-potential-integer-overflow-parsing-by.patch: Fix an integer overflow when parsing very large strings in GVariant text format (CVE-2025-14087, glib#3834 upstream, Closes: #1122347) - d/p/gvariant-parser-Use-size_t-to-count-numbers-of-child-elem.patch, d/p/gvariant-parser-Convert-error-handling-code-to-use-size_t.patch: Fix other potential integer overflows parsing very large container types in GVariant text format, related to CVE-2025-14087 - d/p/gfileattribute-Fix-integer-overflow-calculating-escaping-.patch: Fix an integer overflow when escaping invalid characters in very large file attributes (CVE-2025-14512, glib#3845 upstream, Closes: #1122346) Checksums-Sha1: c5d8f9f41084de9ba2f8b781d89f187618d3ec39 8784 glib2.0_2.84.4-3~deb13u2_all-buildd.buildinfo d6645a7f8faea69da286d72f612a5fd78ab29597 1286480 libglib2.0-data_2.84.4-3~deb13u2_all.deb 32e31ec5b246cd5ba8ceff07c7f0f7fc4686776d 2658112 libglib2.0-doc_2.84.4-3~deb13u2_all.deb Checksums-Sha256: a1e403de328ee07bd082b9207addb5762118af92c832ca0dc04fb806f6d763da 8784 glib2.0_2.84.4-3~deb13u2_all-buildd.buildinfo 87fc6c780ea7eef456ff16fdba1d6284e5b2e2e59f1fb84b5b18e31be85b0d1f 1286480 libglib2.0-data_2.84.4-3~deb13u2_all.deb 2a70e28d10e09319b9ce44aa9bdd8fae8f89d547dad0f7224556ab399dfe3fd8 2658112 libglib2.0-doc_2.84.4-3~deb13u2_all.deb Files: 0320656d2ca5c9a3f486669e75c2bf02 8784 libs optional glib2.0_2.84.4-3~deb13u2_all-buildd.buildinfo 71ef4e32272a720ad9eec27541599fa5 1286480 libs optional libglib2.0-data_2.84.4-3~deb13u2_all.deb 2c0beb8bb0fd151978c25a2162942645 2658112 doc optional libglib2.0-doc_2.84.4-3~deb13u2_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErwLLVsiCiGZggzpHJuP6X4A0XeIFAmlIHYQACgkQJuP6X4A0 XeLi9BAAs4iSt28rCf1MhQ5KZRv+SzvOeMAJgo+QX6TD49wtE9L7lVaA8Ji50MeM vAAq0EogBcp3a/S60Tvj3WEjqjOhDxn8L7dcOs8mjUeTn588Eoev4VdcvD4MkZR1 7SX2s9LICFwDLXCRY2TogV5V2bwAtomseD2be2nS3ivbmHwUow5XQBh1kwx6vf0m AOtLqyRZsT3kNHWXWzXlhclQVz6Ogl5tv2+9+9RIr0Na1xmSdUo/e7SyEr2oCiAx szP0HVjZswte87utoWAxyXsQJEQ8TmXfAvTuyXEtNAcRmd9cvu59QhoxCqsJiK2a dAn4v5AG/Jrxow/1+ccD2BCUDpL38e6CefDLN6vp0YtLZXZkVi2G372OiwB5Xr+v gNX5JMwEmT4JNNYwJYZfCc8R6g9GsAIdK2VfA2Zdizd3A4DwzMZQEYSdvuHQ6QVq /VWKO2i7b2FMNLTAmxFbsPA8O979/FnY2g9r3Buo/PIBhz6bvC7JtULWxvKd8581 905CiZsXUv3VHPUQ9lw4BI8ftRQQnxWh8wj1MambdqR7TaFVjHydAGfw4fKMmEIJ D86vyoqUfkRnGFTgjLE7paNmsLW3DWRB8jCHWk20p+BRLeVOj9uwAD5GtVW8YAEB X9p+Yp94VqudWshrUaCFCTDUqxdHFiV15RT2NpcZZ+yxZRNpQjE= =SJhp -----END PGP SIGNATURE-----